From secunia security advisory at $URL: Description: The vulnerability is caused due to an error within the cache update policy, which does not properly handle revoked domain names. This can be exploited to keep the domain name resolvable after being deleted from registration. The vulnerability is reported in all 9.x versions. Solution: Unpatched Original Advisory https://www.isc.org/software/bind/advisories/cve-2012-1033
CVE-2012-1033 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1033): The resolver in ISC BIND 9 through 9.8.1-P1 does not properly implement a cache update policy, which allows remote attackers to trigger continued resolvability of domain names that are no longer registered via an unspecified "Ghost Names exploit."
From the upstream advisory [1]: "**Delayed Update of 29 May -- The following releases, 9.6-ESV-R6, 9.7.5, 9.8.2, 9.9.0, and subsequent releases have changes to address this issue: 3282. [bug] Restrict the TTL of NS RRset to no more than that of the old NS RRset when replacing it. [RT #27792] [RT #27884]**" Adding to existing GLSA draft with 427966. If there are any objections, feel free to delete from the draft. [1] https://www.isc.org/software/bind/advisories/cve-2012-1033
This issue was resolved and addressed in GLSA 201209-04 at http://security.gentoo.org/glsa/glsa-201209-04.xml by GLSA coordinator Sean Amoss (ackle).