Network Security, Vulnerability Management

BIND security update patches DoS flaw

The Internet Systems Consortium (ISC) released a patch for a remote vulnerability in BIND that could allow an attack to carry out denial-of-service (DoS) attacks.

The glitch was rated as a High severity and was caused by a defect in BIND's handling of responses containing a DNAME answer which could cause a resolver to exit after encountering an assertion failure in db.c or resolver.c, according to a Nov. 1 threat advisory.

Available updates include BIND 9 version 9.9.9-P4, BIND 9 version 9.10.4-P4, BIND 9 version 9.11.0-P1, and BIND 9 version 9.9.9-S6 and there are no known workarounds to address the issue so users are urged to update to the patch release most closely related to their current version of BIND.

While there are no known active exploits, a query which could trigger the crash was briefly discussed on a public mailing list before the domain owner pulled the record causing the problem, the advisory said.

Related

Key cybersecurity concerns among CISOs examined

Mounting zero-day vulnerabilities, more sophisticated living-off-the-land attack techniques, and escalating extortion levels were noted by Mandiant executives to be among the most pressing cybersecurity concerns faced by chief information security officers, CyberScoop reports.

US, Australia apprehend Firebird RAT developer

The FBI and Australian Federal Police have partnered to arrest and indict an unnamed Australian who developed Firebird/Hive remote access trojan and California-based Edmond Chakhmakchyan, also known as Corruption, who allegedly marketed the RAT, according to BleepingComputer.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.