In association with heise online

29 July 2009, 13:09

BIND name server vulnerable to DoS attacks

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

A vulnerability in the popular open source BIND9 name server allows attackers to remotely trigger a server crash. According to the error report, a single specially crafted "dynamic update" packet is all that is required to prevent IP addresses from being translated into server addresses. Authorised name-servers use dynamic updates to add, or remove, resource records to, or from, a zone.

This DoS problem presents a particular threat because attackers don't require any authentication to exploit the hole, and because the server doesn't need to be specially configured for processing dynamic updates. However, according to the vendor, Internet Systems Consortium (ISC), the attack is only successful in systems where BIND has been set up as a master for a zone – slave zones reportedly remain unaffected.

An exploit for crafting a malicious packet can be found in the original bug report. The ISC therefore advises users to update to BIND versions 9.4.3-P3, 9.5.1-P3 or BIND 9.6.1-P1. The Linux distributors have already released updated packets, which users are advised to install immediately.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit