In association with heise online

06 July 2011, 11:41

Update for BIND DNS server reduces crash risk


Two vulnerabilities in the popular BIND 9 DNS server jeopardise the server's stability and can cause the service to crash. One of the flaws can be exploited remotely via specially crafted UPDATE requests and affects both recursive and authoritative servers. The developers say that the nature of the defect makes it impossible to prevent potential attacks using Access Control Lists (ACLs).

The second defect is triggered by flawed request processing in servers that use "Response Policy Zones" (RPZs). Certain DNAME and CNAME records will cause BIND to crash. The intended use of the RPZ feature is to specify domain names that are not to be resolved. The domain names in question can, for instance, be established via a reputation database. RPZ is designed to counteract the thousands of spamming and malware domains that are registered every day.

The developers have now made available updates 9.6-ESV-R4-P3, 9.7.3-P3 and 9.8.0-P4 for BIND to fix the problems.
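For administrators auditing a fleet, the following added example (not from the article or from ISC) compares a reported BIND version string against the three fixed releases named above. The function names, the status labels and the handling of a leading "BIND " prefix are assumptions of this sketch; strings on other branches or in other formats are reported as unknown rather than guessed at.

```python
import re

# Fixed releases named in the article, keyed by release branch.
FIXED = {
    "9.6-ESV": "9.6-ESV-R4-P3",
    "9.7": "9.7.3-P3",
    "9.8": "9.8.0-P4",
}

# 9.6-ESV, 9.6-ESV-R4, 9.6-ESV-R4-P3
_ESV = re.compile(r"^9\.6-ESV(?:-R(\d+))?(?:-P(\d+))?$")
# 9.7.3, 9.7.3-P3 (pre-releases such as 9.8.0rc1 are deliberately not matched)
_STD = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-P(\d+))?$")


def parse(version):
    """Return (branch, sortable key), or None for formats this sketch does not handle."""
    v = version.strip()
    if v.upper().startswith("BIND "):  # assumed prefix, e.g. from a version banner
        v = v[5:].strip()
    m = _ESV.match(v)
    if m:
        return "9.6-ESV", (int(m.group(1) or 0), int(m.group(2) or 0))
    m = _STD.match(v)
    if m:
        major, minor, patch, plevel = m.groups()
        return f"{major}.{minor}", (int(patch), int(plevel or 0))
    return None


def status(version):
    """Classify a version relative to the fixed release on its own branch."""
    parsed = parse(version)
    if parsed is None or parsed[0] not in FIXED:
        return "unknown"  # branch or format not covered by the article
    branch, key = parsed
    fixed_key = parse(FIXED[branch])[1]
    return "at-or-after-fix" if key >= fixed_key else "before-fix"


if __name__ == "__main__":
    # Constructed sample inventory, for illustration only.
    for v in ["BIND 9.7.3-P1", "9.6-ESV-R4-P3", "9.8.0-P2", "9.8.0rc1", "9.5.2"]:
        print(f"{v:18} {status(v)}")
```
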

