Article ID: 126376, created on Jul 31, 2015, last review on Jun 17, 2016

  • Applies to:
  • Operations Automation
  • Plesk
  • Virtuozzo
  • Virtuozzo containers
  • Virtuozzo hypervisor
  • H-Sphere


An error in the handling of TKEY queries can be exploited by an attacker for use as a denial-of-service vector, as a constructed packet can use the defect to trigger a REQUIRE assertion failure, causing BIND to exit.


Both recursive and authoritative servers are vulnerable to this defect. Additionally, exposure is not prevented by either ACLs or configuration options limiting or denying service because the exploitable code occurs early in the packet handling, before checks enforcing those boundaries.

To check whether the used version of BIND is vulnerable, visit the following pages:

Operators should take steps to upgrade to a patched version as soon as possible.

More information about CVE-2015-5477 can be found on ISC website

Call to Action

Update BIND package to the latest version.


# yum update bind


# apt-get install bind9


# zypper update bind

For H-sphere Bind follow this article:

[H-sphere] CVE-2015-5477 BIND vulnerability

The fixed version of BIND have been released by the OS vendors:

Odin takes the security of our customers very seriously and encourages you to take the recommended actions as soon as possible.

We also strongly encourage you to stay connected to Odin for important product-related information via these methods:

Search Words


400e18f6ede9f8be5575a475d2d6b0a6 caea8340e2d186a540518d08602aa065 e0aff7830fa22f92062ee4db78133079 a26b38f94253cdfbf1028d72cf3a498b 2897d76d56d2010f4e3a28f864d69223 a914db3fdc7a53ddcfd1b2db8f5a1b9c 56797cefb1efc9130f7c48a7d1db0f0c f213b9fa8759d57bee5d547445806fe7 6311ae17c1ee52b36e68aaf4ad066387 5356b422f65bdad1c3e9edca5d74a1ae 614fd0b754f34d5efe9627f2057b8642 d02f9caf3e11b191a38179103495106f 0dd5b9380c7d4884d77587f3eb0fa8ef

Email subscription for changes to this article
Save as PDF