BIND 9 Vulnerability Patched

Wednesday, June 18, 2014 @ 10:06 AM gHale


A patch is in place to fix a vulnerability that could remotely crash DNS servers running newer releases of BIND 9, said officials at the Internet Systems Consortium (ISC), the organization that develops and maintains BIND DNS (Domain Name System) software.

The vulnerability affects DNS servers that use BIND 9.6-ESV-R9, 9.8.5, and 9.9.3 configured to run as recursive resolvers — a common DNS server configuration. Older versions of the BIND 9 software, including versions 9.6.0 through 9.6-ESV-R8, 9.8.0 through 9.8.4-P2, and 9.9.0 through 9.9.2-P2, do not suffer from the issue.

“By sending a recursive resolver a query for a record in a specially malformed zone, an attacker can cause BIND 9 to exit with a fatal ‘RUNTIME_CHECK’ error in resolver.c,” ISC said in an advisory published June 4. The organization rates this vulnerability as highly severe.

There are no cases of intentional exploitation of this flaw, ISC said. However, the vulnerability was disclosed on an open mailing list with enough detail to allow attackers to develop an exploit.

The developers released new versions of BIND 9 that contain a fix for the bug: BIND 9 version 9.9.3-P1, BIND 9 version 9.8.5-P1 and BIND 9 version 9.6-ESV-R9-P1.

There are no known workarounds, so “the recommended solution is to upgrade to the patched release most closely related to your current version of BIND,” ISC said.
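To apply that recommendation across a fleet, the sketch below (an added example, not code from ISC or the original article) classifies `named -v` style version strings against the affected, fixed and older releases listed above and names the upgrade target. The hostnames, inventory format and status labels are assumptions made for illustration.

```python
import re

# Affected release -> fixed release, exactly as listed in the article.
FIXED_BY = {"9.6-ESV-R9": "9.6-ESV-R9-P1", "9.8.5": "9.8.5-P1", "9.9.3": "9.9.3-P1"}

# Release token from `named -v` style output, e.g. "BIND 9.9.3-P1". Strings with
# extra suffixes (rc/beta tags, vendor builds) are deliberately left unmatched.
RELEASE_RE = re.compile(
    r"^\s*(?:BIND\s+)?(9\.(\d+)(?:\.(\d+))?(-ESV(?:-R(\d+))?)?(?:-P(\d+))?)(?=\s|$)")

def classify(version_output, recursive):
    """Return (status, upgrade_target) for one server."""
    m = RELEASE_RE.match(version_output)
    if not m:
        # Vendor or pre-release build: check the package changelog by hand.
        return ("manual-review", None)
    release = m.group(1)
    minor, patch, esv_r, p = (int(g) if g else 0 for g in m.group(2, 3, 5, 6))
    is_esv = m.group(4) is not None
    if release in FIXED_BY:
        # Per the article, the crash affects servers running as recursive resolvers.
        status = "vulnerable" if recursive else "affected-release-not-recursive"
        return (status, FIXED_BY[release])
    if release in FIXED_BY.values():
        return ("patched", None)
    # Older ranges the article lists as unaffected:
    # 9.6.0 to 9.6-ESV-R8, 9.8.0 to 9.8.4-P2, 9.9.0 to 9.9.2-P2.
    older = ((minor == 6 and (not is_esv or esv_r <= 8))
             or (minor == 8 and not is_esv and (patch, p) <= (4, 2))
             or (minor == 9 and not is_esv and (patch, p) <= (2, 2)))
    return ("older-not-affected", None) if older else ("not-covered-by-advisory", None)

# Constructed inventory: (host, version output, recursion enabled?). Hypothetical hosts.
INVENTORY = [
    ("ns1.example.net", "BIND 9.9.3", True),
    ("ns2.example.net", "BIND 9.8.5", False),
    ("ns3.example.net", "BIND 9.6-ESV-R9-P1", True),
    ("ns4.example.net", "BIND 9.8.4-P2", True),
    ("ns5.example.net", "BIND 9.9.3-distro1.2", True),
]

def audit(inventory):
    """Map each host to its (status, upgrade_target) pair."""
    return {host: classify(out, rec) for host, out, rec in inventory}

if __name__ == "__main__":
    for host, (status, target) in audit(INVENTORY).items():
        print(f"{host:18} {status:32} {('upgrade to ' + target) if target else ''}")
```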

DNS servers have been targets of distributed denial-of-service (DDoS) attacks of late, either to directly affect their owners or as part of DNS amplification attacks against third-party victims.

BIND is the most widely used DNS server software on the Internet and is the standard DNS software on many Unix-like systems, including Linux, Solaris, various BSD variants and Mac OS X.


