In association with heise online

22 January 2010, 18:58

Security update for BIND name server

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

The Internet Systems Consortium (ISC), the company behind the open source DNS BIND, software, has released security updates to resolve a DNSSEC-related vulnerability that could lead to Denial-of-Service (DoS) attacks. According to the relevant advisory, the server's domain validation code contains a flaw that can cause an NXDomain to be regarded as validated although it isn't. With the usual protective measures (random transaction IDs and random source ports) in place, however, the cache is not said to be open to manipulation. However, the prevention of DoS attacks is apparently, compromised. No further details were given by ISC.

BIND versions 9.0.x, 9.1.x, 9.2.x, 9.3.x, 9.4.0 up to and including 9.4.3-P4, 9.5.0 up to and including 9.5.2-P1, and 9.6.0 up to and including 9.6.1-P2 are affected. Updating to 9.4.3-P5, 9.5.2-P2 or 9.6.1-P3 fixes the problem. Versions 9.0 to 9.3 are no longer supported. The BIND 9.7 beta is also affected, but the flaw will be fixed in a new version.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit