Serious Internet Server Exploit Widely Available

The ubiquitous DNS server standard, Bind 9, is vulnerable to an exploit that has already been made public, the Internet Systems Consortium warned.According to this advisory from the ISC, the flaw in Bind 9 has no workaround, and administrators will need to upgrade to the latest.

Successful attack will lead to a denial-of-service condition. From the ISC:

"Receipt of a specially-crafted dynamic update message to a zone for which the server is the master may cause BIND 9 servers to exit. Testing indicates that the attack packet has to be formulated against a zone for which that machine is a master. Launching the attack against slave zones does not trigger the assert.

This vulnerability affects all servers that are masters for one or more zones - it is not limited to those that are configured to allow dynamic updates. Access controls will not provide an effective workaround.

"

The ISC has rated this situation as urgent, and asks users to immediately upgrade. The latest versions of Bind, 9.4.3-P3, 9.5.1-P3 or 9.6.1-P1 can be found at the end of the advisory.

Bind 9 (Berkeley Internet Name Domain) is a fresh rewrite of the Domain Name System server, some of the security enhancements include support of DNS Security Extensions, IPv6, and enhanced encryption for remote and local terminals.

For my mobile security, business, and technology observations consider following me on Twitter.