An error in the handling of TKEY queries can be exploited by an attacker for use as a denial-of-service vector, as a constructed packet can use the defect to trigger a REQUIRE assertion failure, causing BIND to exit.
Both recursive and authoritative servers are vulnerable to this defect. Additionally, exposure is not prevented by either ACLs or configuration options limiting or denying service because the exploitable code occurs early in the packet handling, before checks enforcing those boundaries.
To check whether the used version of BIND is vulnerable, visit the following pages:
Operators should take steps to upgrade to a patched version as soon as possible.
More information about CVE-2015-5477 can be found on ISC website
Call to Action
Update BIND package to the latest version.
# yum update bind
# apt-get install bind9
# zypper update bind
For H-sphere Bind follow this article:
The fixed version of BIND have been released by the OS vendors:
Odin takes the security of our customers very seriously and encourages you to take the recommended actions as soon as possible.
We also strongly encourage you to stay connected to Odin for important product-related information via these methods: