- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
Bind9 Exploits CVE-2016-9131, CVE-2016-9147, and CVE-2016-9444
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello everybody,
I curently use my ReadyNAS as a DNS server using Bind9 version 9.9.5-9+deb8u7-Debian. I recently came across CVE-2016-9131, CVE-2016-9147, as well as CVE-2016-9444, and realized that I am vulnerable to these exploits. ReadyNAS OS 6 Version 6.6.1 was recently released, but the release notes do not mention these as part of the update. I am wondering when Netgear will release an update in order to patch these vulnerabilities. According to kb.isc.org, this is patched in Bind9 9.9.5-P5, Bind9 9.10.4-P5, or Bind9 9.11.0-P2. Any information that anybody has is appreciated.
Thanks.
Solved! Go to Solution.
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Stock OS 6.6.1 doesn't include Bind9 at all. You must have manually installed it.
Did you try the obvious apt-get update bind9 ?
All Replies
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Stock OS 6.6.1 doesn't include Bind9 at all. You must have manually installed it.
Did you try the obvious apt-get update bind9 ?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: Bind9 Exploits CVE-2016-9131, CVE-2016-9147, and CVE-2016-9444
Hello Stephen, thanks for your reply.
I overlooked the issue and initially thought that the systems came with Bind9. After reading your response, I first ran the "apt-get update bind9" command which responded with "E: The update command takes no arguments," so I then ran "apt-get install bind9" which was able to install the most recent patched version (1:9.9.5.dfsg-9+deb8u9). Thanks for the suggestion which lead me to completing the patch.