In association with heise online

25 January 2007, 18:48

BIND name server vulnerable to DoS attacks

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Internet Systems Consortium (ISC), makers of the popular free name server BIND, have released a security advisory indicating a vulnerability in their product. Under certain circumstance BIND (named) crashes on dereferencing a pointer. The bug can apparently be provoked via a network, although ISC does not say exactly how.

The following versions are affected:

BIND 9.3.0, 9.3.1, 9.3.2, 9.3.3
BIND 9.4.0a1, 9.4.0a2, 9.4.0a3, 9.4.0a4, 9.4.0a5, 9.4.0a6, 9.4.0b1, 9.4.0b2, 9.4.0b3, 9.4.0b4, 9.4.0rc1
BIND 9.5.0a1

The makers assess the risk as low. The bug is fixed in BIND 9.2.8, 9.3.4 and 9.4.0rc2. The forthcoming version 9.5.Oa2 should also be free of the bug. As a workaround, ISC recommends disabling or restricting recursion. A name server working recursively normally only processes queries from clients from its own domain anyway.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit