DoS Attack Exploit in BIND 9

Jul 29, 2009

A specially crafted dynamic update message to a DNS zone for which the server is a master can wreak havoc in BIND 9. An active remote exploit is already "in wide circulation."

All BIND 9 versions are affected, so an immediate update to 9.4.3-P3, 9.5.1-P3, or 9.6.1-P1 is recommended. A number of Linux distros have already reacted with updated versions, among them Debian and Ubuntu.

A particular NSUPDATE message from an unauthenticated attacker can bring the entire server down, creating a denial-of-service (DoS) condition. The security bulletin indicates that the vulnerability "affects all servers and is not limited to those that are configured to allow dynamic updates." The only mitigating factor is that the attack works only against servers that are master for one or more zones, not against slave servers.

Downloads of the recommended BIND patches are available in the ISC security bulletin.
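
To triage a fleet against the fixed releases listed above, the following added example (not from the article or from ISC) classifies a BIND version string, such as the one printed by `named -v`, as patched or vulnerable. It assumes that later releases on the same 9.x branch carry the fix, and it reports branches newer than 9.6 as unknown because the article does not cover them; the sample strings are constructed.

```python
import re

# Fixed releases named in the article, per 9.x branch: minor -> (patch, P-level).
FIXED = {4: (3, 3), 5: (1, 3), 6: (1, 1)}

# Matches e.g. "9.4.3-P3", "9.6.1", "9.5.0b2", "9.6.1rc1" inside longer text.
_VERSION = re.compile(r"\b(\d+)\.(\d+)\.(\d+)(?:-P(\d+)|(a|b|rc)\d+)?")


def classify(version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for a BIND version string."""
    m = _VERSION.search(version_text)
    if not m or int(m.group(1)) != 9:
        return "unknown"          # not a recognisable BIND 9 version
    minor, patch = int(m.group(2)), int(m.group(3))
    if m.group(5):                # alpha/beta/rc builds predate the release
        p_level = -1
    else:
        p_level = int(m.group(4) or 0)
    if minor > max(FIXED):
        return "unknown"          # assumption: branch newer than the article
    if minor not in FIXED:
        return "vulnerable"       # older branch: affected, no fix listed here
    return "patched" if (patch, p_level) >= FIXED[minor] else "vulnerable"


if __name__ == "__main__":
    # Constructed sample strings in the style printed by `named -v`.
    for sample in ("BIND 9.4.3-P2", "BIND 9.4.3-P3", "BIND 9.5.1-P3",
                   "BIND 9.6.1", "BIND 9.6.1rc1", "BIND 9.6.1-P1", "BIND 9.3.6"):
        print(f"{sample:16} {classify(sample)}")
```

Distribution packages often backport fixes without changing the upstream version string, so a "vulnerable" result on a Debian or Ubuntu host should be checked against the distro's own advisory.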
