Network Security, Vulnerability Management

In a BIND: Third parties distributed outdated, vulnerable ISC Domain Name System software

The Internet Systems Consortium issued a security advisory on Wednesday, warning that some third parties are distributing outdated versions of ISC's Berkeley Internet Name Domain (BIND) software that contain a high-severity vulnerability, which bad actors can use to remotely trigger an assertion failure.

ISC described the issue affecting the open-source Domain Name System software as one triggered by a packet with a malformed options section. “A server vulnerable to this defect can be forced to exit with an assertion failure if it receives a malformed packet,” the advisory states. As of May 2013, the flaw was corrected in ISC-distributed versions of the software, but other entities are distributing software packages that include a vulnerable version of BIND without the patch, identified as fix #3548. Users of ISC-distributed BIND versions that predate May 2013 are also susceptible to the vulnerability, designated as CVE-2016-2848.

BIND is the open-source software component that implements Domain Name System protocols. Versions 9.1.0 through 9.9.4-P2 and 9.9.0 through 9.9.2-P2 are affected.

Bradley Barth

