Red Hat Bugzilla – Bug 999170
bind: vulnerability in the SRTT algorithm
Last modified: 2016-06-13 04:36:25 EDT
A deficiency in the SRTT (Smoothed Round Trip Time) algorithm in BIND9 was reported that could theoretically allow an attacker to lower the SRTT value that a recursive resolver has associated with an authoritative server. This could allow the attacker to influence the selection of a specific authoritative server from an NS resource record set with multiple values and thus determine which of multiple authoritative servers for a domain will be queried.
ISC has indicated that they intend to address this deficiency by reimplementing the SRTT algorithm in a future maintenance release of BIND9. They also note that "the deficiency in the SRTT algorithm is not considered an exploitable security vulnerability on its own".
This issue affects the version of bind shipped with Red Hat Enterprise Linux 5 and 6. This issue affects the version of bind97 shipped with Red Hat Enterprise Linux 5. Upstream has indicated that they intend to address this deficiency by reimplementing the SRTT algorithm in a future maintenance release of BIND9.