The ubiquitous DNS server standard, Bind 9, is vulnerable to an exploit that has already been made public, the Internet Systems Consortium warned.
July 29, 2009
The ubiquitous DNS server standard, Bind 9, is vulnerable to an exploit that has already been made public, the Internet Systems Consortium warned.According to this advisory from the ISC, the flaw in Bind 9 has no workaround, and administrators will need to upgrade to the latest.
Successful attack will lead to a denial-of-service condition. From the ISC:
"Receipt of a specially-crafted dynamic update message to a zone for which the server is the master may cause BIND 9 servers to exit. Testing indicates that the attack packet has to be formulated against a zone for which that machine is a master. Launching the attack against slave zones does not trigger the assert.
This vulnerability affects all servers that are masters for one or more zones - it is not limited to those that are configured to allow dynamic updates. Access controls will not provide an effective workaround.
"
The ISC has rated this situation as urgent, and asks users to immediately upgrade. The latest versions of Bind, 9.4.3-P3, 9.5.1-P3 or 9.6.1-P1 can be found at the end of the advisory.
Bind 9 (Berkeley Internet Name Domain) is a fresh rewrite of the Domain Name System server, some of the security enhancements include support of DNS Security Extensions, IPv6, and enhanced encryption for remote and local terminals.
For my mobile security, business, and technology observations consider following me on Twitter.
About the Author(s)
You May Also Like
Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024