Patches Released for BIND Denial-of-service Vulnerability

Patches Released for BIND Denial-of-service Vulnerability

There’s a new vulnerability in the popular BIND name server software that is causing various versions of the application to crash unexpectedly after logging a certain kind of error. The Internet Systems Consortium (ISC), an organization that maintains several software products critical for Internet infrastructure, has released a patch for an actively exploited denial-of-service vulnerability in the widely used BIND DNS server.
The internet Systems Consortium (ISC) have described the problem as follows:
An as-yet unidentified network event caused BIND 9 resolvers to cache an invalid record, subsequent queries for which could crash the resolvers with an assertion failure…
Affected servers crashed after logging an error in query.c with the following message: “INSIST(! dns_rdataset_isassociated(sigrdataset))
More details are available in their advisory.
As of this posting, ISC had not revealed the underlying problem, but said the patches would prevent the servers from crashing. The flaw affects BIND 9.4-ESV, 9.6-ESV, 9.7.x, and 9.8.x. The patch basically ensures that the cache doesn’t return the anomalous data and prevents the server from crashing. ISC officials had not responded to media inquiries as of this posting, and it was unclear whether the flaw was just wreaking mayhem on the servers, or if an actual exploit was causing it.
Security intelligence firm Rapid7 said the first attack was discovered at The National Weather Service, with the following 89 discoveries of the attack on US universities.”Bind 9 is the most widely used DNS server on the internet today… Gone unchecked, this attack could potentially affect nearly the entire internet,” said Matt Barrett, senior solutions architect at Rapid7. A temporary patch has already been released.
Advertisements

5 Comments

  1. dude this just inspired a post of my own, thanks

    • ok. Enjoyed and thank’s for visiting

  2. An interesting discussion is value comment. I feel that it is best to write more on this matter, it won’t be a taboo subject however generally people are not enough to speak on such topics. To the next. Cheers

  3. Great blog! Do you have any hints for aspiring writers? I’m planning to start my own site soon but I’m a little lost on everything. Would you advise starting with a free platform like WordPress or go for a paid option? There are so many options out there that I’m totally confused .. Any tips? Many thanks!

  4. Trabalho para o amanhã – um olhar de Yesturdays em alguns exemplos…

    Foi mostrado este exemplo, através de Megan Messer sobre linkedin e encontrado lhe para ser um tanto informativo e demasiado o ponto…


Sorry, the comment form is closed at this time.

Comments RSS