A critical vulnerability in BIND threatened the stability of the DNS server.
The problem became apparent when developers testing experimental DNS record types found it was possible to add records to BIND with zero-length rdata fields, according to the advisory.
BIND is the most widely used DNS software on the Internet. It provides a platform on which organizations can build distributed computing systems, knowing those systems are fully compliant with published DNS standards.
The developers found that recursive servers could crash or disclose memory contents to clients, while secondary servers could crash on restart if they had transferred a zone containing these zero-length records.
In addition, in certain circumstances, master servers could also corrupt zone data if “auto-dnssec” was set to “maintain.”
There are currently no known active exploits, though the issue has been the topic of conversation on public mailing lists.
There are also no known workarounds for the problem, but officials are investigating a mitigation. The only option is to upgrade to the latest BIND versions, 9.6-ESV-R7-P1, 9.7.6-P1, 9.8.3-P1, or 9.9.1-P1 as appropriate; the source and Windows versions are available from the ISC BIND download page.
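The upgrade targets above can be checked mechanically across a fleet. The following is an added example, not part of the original article or ISC's tooling: it compares a version string, such as the one `named -v` prints, against the fixed release for its branch. The `parse` and `check` helpers, the result labels and the sample strings are assumptions made for illustration; pre-release builds, vendor-suffixed versions and branches the article does not list are reported as `unknown`.

```python
import re

# Fixed releases named in the article, one per branch.
FIXED = ("9.6-ESV-R7-P1", "9.7.6-P1", "9.8.3-P1", "9.9.1-P1")

# Matches 9.x.y[-Pn] and 9.x-ESV[-Rn][-Pn]; the lookarounds stop partial
# matches inside longer strings such as vendor-suffixed versions.
_VERSION = re.compile(
    r"(?<![\w.])(?P<series>\d+\.\d+)"
    r"(?:(?P<esv>-ESV)(?:-R(?P<rel>\d+))?|\.(?P<patch>\d+))"
    r"(?P<pre>(?:a|b|rc)\d+)?"
    r"(?:-P(?P<plevel>\d+))?"
    r"(?![\w.-])"
)


def parse(text):
    """Return (branch, (release, patch_level)), or None if not comparable."""
    m = _VERSION.search(text)
    if m is None or m.group("pre"):  # alpha/beta/rc builds are not ranked
        return None
    branch = m.group("series") + (m.group("esv") or "")
    release = int(m.group("rel") or m.group("patch") or 0)
    return branch, (release, int(m.group("plevel") or 0))


FIXED_BY_BRANCH = dict(parse(v) for v in FIXED)


def check(version_text):
    """Classify a version string against the article's fixed releases."""
    parsed = parse(version_text)
    if parsed is None or parsed[0] not in FIXED_BY_BRANCH:
        return "unknown"  # branch not listed, or format not understood
    branch, level = parsed
    if level >= FIXED_BY_BRANCH[branch]:
        return "at-or-above-fix"
    return "below-fix"


if __name__ == "__main__":
    # Constructed sample strings in the style of `named -v` output.
    for sample in ("BIND 9.8.3-P1", "BIND 9.8.3", "BIND 9.6-ESV-R6",
                   "BIND 9.9.1rc1", "BIND 9.5.2"):
        print(f"{sample:18} {check(sample)}")
```

Distribution packages may carry backported fixes under an older upstream version number, so a `below-fix` result on a packaged build is a prompt to check the vendor's advisory rather than a final verdict.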