Skip to main content
Accessibility Resource Center Skip to main content
Have a phone you love? Get up to $500 when you bring your phone.
end of navigation menu
Quantum Gateway BIND vulnerability
jerrylotto1
Newbie

A flaw was found in the way BIND handled TSIG authentication for dynamic updates. A remote attacker able to communicate with an authoritative BIND server could use this flaw to manipulate the contents of a zone, by forging a valid TSIG or SIG(0) signature for a dynamic update request.  The mitigation is to update to version 9.9.10-P2, 9.10.5-P2, 9.11.1-P2, 9.9.10-S3, 9.10.5-S3 or later but the bind code integral to the current FIOS Quantum gateway image is one of ISC BIND versions 9.4.0-9.8.8, 9.9.0-9.9.10-P1, 9.10.0-9.10.5-P1, 9.11.0-9.11.1-P1, 9.9.3-S1-9.9.10-S2 and 9.10.5-S1-9.10.5-S2 - all of which are impacted by this flaw.  Please update the firmware image as there is no customer intervention possible other than to turn off dynamic DNS on the gateway and run a software solution.  Between that problem and the 5G wifi issue - this quantum gateway is fast becoming useless.

0 Likes