Critical BIND Vulnerability Puts DNS Servers At Risk
A reported flaw in the handling of regular expressions means most DNS servers running on Linux or Unix are vulnerable to denial-of-service attacks, according to security experts.
Denial of service
The flaw affects the version of BIND used on Linux and Unix systems, but doesn't affect the Windows version. BIND is the de facto standard DNS server software on Unix. Other programs using BIND's libdns library are also potentially vulnerable to the same attack.
Versions affected: "Unix" versions of BIND 9.7.x, 9.8.0 -> 9.8.5b1, 9.9.0 -> 9.9.3b1. (Windows versions are not affected. Versions of BIND 9 prior to BIND 9.7.0 (including BIND 9.6-ESV) are not affected. BIND 10 is not affected.)
Workarounds: Patched versions are available, or operators can prevent exploitation of this bug in any affected version of BIND 9 by compiling without regular expression support.