Akamai Diversity

The Akamai Blog

BIND DoS Vulnerability (CVE-2015-5477)

Akamai is aware of a recently disclosed critical vulnerability in BIND (CVE-2015-5477) that can be exploited to cause a denial of service.

How does the attack work?

An attacker can cause BIND to exit by using a constructed packet to trigger a REQUIRE assertion via defective handling of a TKEY query.

How is Akamai affected?

Akamai's Fast DNS / EDNS authoritative name servers do not run BIND and as such are not impacted by this CVE.

Further, Akamai continuously evaluates CVEs as they appear, and we continue to evaluate and patch relevant systems as necessary.

What can you do to protect yourself?

If you run BIND anywhere in your environment, upgrade to the patched release most closely related to your current version of BIND. These can be downloaded from http://www.isc.org/downloads.