ISC patches publicly disclosed denial-of-service vulnerability affecting BIND 9 - sosacolusay
The Internet Systems Consortium (ISC), the organization that develops and maintains the widely used BIND DNS (Domain Name System) software, has patched a publicly disclosed vulnerability that can be used to remotely crash DNS servers running recent releases of BIND 9.
The vulnerability affects DNS servers that use BIND 9.6-ESV-R9, 9.8.5, and 9.9.3 and are configured to act as recursive resolvers, a very common DNS server configuration. Older versions of the BIND 9 software, including versions 9.6.0 through 9.6-ESV-R8, 9.8.0 through 9.8.4-P2, and 9.9.0 through 9.9.2-P2, are not affected.
"By sending a recursive resolver a query for a record in a specially malformed zone, an attacker can cause BIND 9 to exit with a fatal 'RUNTIME_CHECK' error in resolver.c," ISC said in an advisory published Tuesday. The organization rates this vulnerability as highly severe.
There are no known cases of intentional exploitation of this flaw, ISC said. However, the vulnerability was disclosed on an open mailing list with enough detail to allow attackers to develop an exploit, it said.
New versions of BIND 9 that contain a fix for this bug have been released. These are: BIND 9 version 9.9.3-P1, BIND 9 version 9.8.5-P1 and BIND 9 version 9.6-ESV-R9-P1.
There are no known workarounds, so "the recommended solution is to upgrade to the patched release most closely related to your current version of BIND," ISC said.
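The version lists above can be turned into a quick inventory triage. The following is an added example, not code from ISC or the original article; the host names, the inventory format and the status labels are constructed for illustration, and any version the article does not mention is reported as unknown rather than guessed.

```python
import re

# Version lists as given in the article; anything it does not mention is "unknown".
AFFECTED = ["9.6-ESV-R9", "9.8.5", "9.9.3"]
FIXED = ["9.6-ESV-R9-P1", "9.8.5-P1", "9.9.3-P1"]
NOT_AFFECTED = [("9.6.0", "9.6-ESV-R8"), ("9.8.0", "9.8.4-P2"), ("9.9.0", "9.9.2-P2")]
_VER = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+)|-ESV(?:-R(\d+))?)(?:-P(\d+))?$")

def parse(version):
    """Return a sortable key, or None for forms not handled here (rc, beta, ...)."""
    m = _VER.match(re.sub(r"^BIND\s+", "", version.strip()))
    if m is None:
        return None
    major, minor, rel, esv_rel, patch = m.groups()
    is_esv = rel is None                      # 9.6-ESV-Rn sorts after every 9.6.n
    n = int(esv_rel or 0) if is_esv else int(rel)
    return (int(major), int(minor), int(is_esv), n, int(patch or 0))

AFFECTED_KEYS = {parse(v) for v in AFFECTED}
FIXED_KEYS = {parse(v) for v in FIXED}
SAFE_RANGES = [(parse(lo), parse(hi)) for lo, hi in NOT_AFFECTED]

def classify(version, recursive=True):
    """Map a version string to a status; exposure applies to recursive resolvers."""
    key = parse(version)
    if key is None:
        return "unknown"
    if key in FIXED_KEYS:
        return "fixed"
    if key in AFFECTED_KEYS:
        return "affected" if recursive else "affected-version-not-recursive"
    if any(lo <= key <= hi for lo, hi in SAFE_RANGES):
        return "not-affected"
    return "unknown"

# Constructed sample inventory: (host, reported version, recursion enabled)
INVENTORY = [
    ("ns1.example.net", "BIND 9.9.3", True),
    ("ns2.example.net", "9.8.5-P1", True),
    ("ns3.example.net", "9.6-ESV-R8", True),
    ("auth1.example.net", "9.8.5", False),
    ("lab.example.net", "9.9.4rc1", True),
]

def triage(inventory):
    return {host: classify(ver, rec) for host, ver, rec in inventory}

if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host:20} {status}")
```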
DNS servers have been increasingly targeted in distributed denial-of-service (DDoS) attacks recently, either to directly affect their owners or as part of DNS amplification attacks against third-party victims.
BIND is the most widely used DNS server software on the Internet and is the standard DNS software on many Unix-like systems, including Linux, Solaris, various BSD variants and Mac OS X.
Source: https://www.pcworld.com/article/452288/isc-patches-publicly-disclosed-denialofservice-vulnerability-affecting-bind-9.html
Posted by: sosacolusay.blogspot.com