DoS Attack Exploit in BIND 9

Jul 29, 2009

Ulrich Bantle

A specially crafted dynamic update message to a DNS zone for which the server is a master can raise havoc in BIND 9. An active remote exploit is already "in wide circulation."

All BIND 9 versions are affected, hence a recommended immediate update to 9.4.3-P3, 9.5.1-P3 or 9.6.1-P1. A number of Linux distros have already reacted with updated versions, among them Debian and Ubuntu.

A certain NSUPDATE from an unauthenticated attacker can bring the entire server down, creating a denial-of-service (DoS) condition. The security bulletin indicates that the vulnerability "affects all servers and is not limited to those that are configured to allow dynamic updates." The only mitigating condition is that the attack works only against DNS master servers for one or more zones and not against slave servers.

Downloads of the recommended BIND patches are available in the ISC security bulletin.

Related content

Adobe Reader and Acrobat Security Updates

Adobe has released security updates for its PDF Reader and Acrobat 9.1 and earlier versions.

more »
Open Office 2.4 Closes Vulnerabilities

The Open Office project has just announced that the latest 2.4 version of the free office suite removes a number of security issues.

more »
Adobe Security Patches Good for Win and Mac Only

Adobe Reader and Acrobat have been burdened with security problems. The Windows and Mac versions are now being patched. Linux users will have to wait.

more »
Bind 10 Test Drive

Admins have waited all of five years for the 10th major release of the Bind name server, which appeared at the end of March this year. The latest release is a complete rewrite of the DNS server, with a modular design and new configuration tools, but is it ready for business?

more »
Apache 2.2.13 with Overflow Protection

With Apache 2.2.13, developers have closed security holes in the popular webserver.

more »

comments powered by Disqus

Issue 235/2020

Buy this issue as a PDF

Digital Issue: Price $12.99

(incl. VAT)

News

Linux Apps on Windows Is Coming

Linux , Windows

Linux GUI apps will be coming to Windows Subsystem for Linux.
Linux Usage Is on the Rise

According to NetMarketShare, Linux saw a significant bump in usage during April.
Lenovo is Jumping on the Linux Laptop Bandwagon

PC and laptop maker Lenovo is set to release ThinkPad laptops pre-installed with Fedora Linux.
A New Linux Laptop Is in the Making

Manjaro Linux and TUXEDO computers have joined forces to develop the InfinityBook Manjaro.
Ubuntu 20.04 Has Been Released

Ubuntu

The latest iteration of the user-friendly Linux distribution is now available.
Nextcloud Partners with IONOS

Cloud , Nextcloud

Nextcloud has partnered with Germany’s largest cloud provider, IONOS, to provide a safe haven for your data within the cloud.
Linux to Get High Resolution Wheel Scrolling

Work on high resolution wheel scrolling for the Linux desktop is being completed.
KDE Developers Are Working on a TV Interface

The developers of the KDE desktop are hard at work to create a TV interface.
System76 Is Developing a New Keyboard

The company behind the incredibly powerful Thelio desktop is developing a new keyboard.
Zorin OS 15.2 Now Available

The latest release of Zorin OS offers numerous improvements.

DoS Attack Exploit in BIND 9

Related content

Issue 235/2020

Buy this issue as a PDF

News

Tag Cloud