BIND security update patches DoS flaw

The Internet Systems Consortium (ISC) released a patch for a remote vulnerability in BIND that could allow an attacker to carry out denial-of-service (DoS) attacks.

The glitch was rated High severity. It was caused by a defect in BIND's handling of responses containing a DNAME answer, which could cause a resolver to exit after encountering an assertion failure in db.c or resolver.c, according to a Nov. 1 threat advisory.

Available updates include BIND 9 version 9.9.9-P4, BIND 9 version 9.10.4-P4, BIND 9 version 9.11.0-P1, and BIND 9 version 9.9.9-S6. There are no known workarounds to address the issue, so users are urged to update to the patch release most closely related to their current version of BIND.

While there are no known active exploits, a query which could trigger the crash was briefly discussed on a public mailing list before the domain owner pulled the record causing the problem, the advisory said.
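The upgrade guidance above, as an added example that is not part of the original article or the ISC advisory: a Python check that maps a `named -v` style version string to the fixed release on its branch. The function name and sample banners are constructed, and it assumes a later maintenance release on a listed branch also contains the fix.

```python
import re

# Fixed releases listed in the article, keyed by (branch, suffix kind).
# Value: ((major, minor, patch), suffix level, release name).
# -S releases are a separate line and are compared only with the -S fix.
FIXED = {
    ("9.9", "P"): ((9, 9, 9), 4, "9.9.9-P4"),
    ("9.9", "S"): ((9, 9, 9), 6, "9.9.9-S6"),
    ("9.10", "P"): ((9, 10, 4), 4, "9.10.4-P4"),
    ("9.11", "P"): ((9, 11, 0), 1, "9.11.0-P1"),
}

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)(?:-([PS])(\d+))?")


def check_bind_version(banner):
    """Return (status, fixed_release) for a `named -v` style string.

    status is "patched", "update" or "unknown" (no version found, or the
    branch is not one the article lists a fix for).
    Assumption: later maintenance releases on a branch carry the fix.
    """
    m = VERSION_RE.search(banner)
    if not m:
        return ("unknown", None)
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    kind = m.group(4) or "P"      # a plain release is level 0 on the -P line
    level = int(m.group(5) or 0)  # pre-releases (rc/beta) also land on level 0
    entry = FIXED.get((f"{major}.{minor}", kind))
    if entry is None:
        return ("unknown", None)
    fixed_base, fixed_level, name = entry
    if ((major, minor, patch), level) >= (fixed_base, fixed_level):
        return ("patched", name)
    return ("update", name)


if __name__ == "__main__":
    # Constructed sample banners, not taken from real hosts.
    for banner in ("BIND 9.10.4-P3", "BIND 9.9.9-S6", "BIND 9.11.0",
                   "BIND 9.9.10", "BIND 9.8.4-P1"):
        print(banner, "->", check_bind_version(banner))
```

Distribution packages that backport fixes without changing the upstream version number will be reported as needing an update, so confirm those against the vendor's changelog.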
