In association with heise online

04 May 2007, 13:44

Security updates for the BIND nameserver available

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Internet Systems Consortium, Inc. (ISC) has published a vulnerability of their BIND nameserver, which may be exploited to crash a server. The bug is related to the query_addsoa function and can be provoked by sending a specific sequence of manipulated queries to the server. While ISC does not provide more detailed information on this issue, the severity of this problem is rated as critical. Affected versions include BIND 9.4.0, BIND 9.5.0a1, 9.5.0a2, and 9.5.0a3. Version 9.5.0x is not publicly available. Updating to BIND 9.4.1 or BIND 9.5.0a4 will remedy this vulnerability; an alternative workaround is to disable recursion.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit