ICS Security Advisory for BIND

Number: AV18-154
Date: 21 September 2018


The purpose of this advisory is to bring attention to a security advisory recently released by the Internet Systems Consortium (ISC).


The Internet Systems Consortium (ISC) has released a security advisory that addresses a vulnerability affecting multiple versions of ISC Berkeley Internet Name Domain (BIND). A successful exploitation of this vulnerability by an authenticated remote attacker may allow the modification of records on the server for versions of BIND that contain the krb-5-subdomain and ms-subdomain update policies.

Affected product:
All versions of BIND 9 prior to maintenance releases, BIND 9.11.5 and 9.12.3.

CVE Reference: CVE-2018-5741

Suggested action

CCIRC recommends that system administrators review the ISC advisory and apply the solution on affected products accordingly.



Note to Readers

In support of Public Safety's mission to build a safe and resilient Canada, CCIRC's mandate is to help ensure the security and resilience of the vital non-federal government cyber systems that underpin Canada's national security, public safety and economic prosperity. As Canada's computer security incident response team, CCIRC is Canada's national coordination centre for the prevention and mitigation of, preparedness for, response to, and recovery from cyber incidents on non-federal government systems. It does this by providing authoritative advice and support, and coordinating information sharing and incident response.

Please note, CCIRC PGP key has recently been updated.

For general information, please contact Public Safety Canada's Public Affairs division at:

Telephone: 613-944-4875 or 1-800-830-3118
Fax: 613-998-9589
E-mail: ps.communications-communications.sp@canada.ca

Date modified: