dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
831

Cartel
Intel inside Your sensitive data outside
Premium Member
join:2006-09-13
Chilliwack, BC

1 recommendation

Cartel

Premium Member

Critical BIND Vulnerability Puts DNS Servers At Risk

A flaw reported in the handling of regular expressions means most DNS servers running on Linux or Unix are vulnerable to denial-of-service attacks, according to security experts

Denial of service

The flaw affects the version of BIND used on Linux and Unix systems, but doesn't affect the Windows version. BIND is the de facto standard DNS server software on Unix. Other programs using BIND's libdns library are also potentially vulnerable to the same attack.

»www.techweekeurope.co.uk ··· noscript

FF4m3
@rr.com

FF4m3

Anon

From ISC.org:

Versions affected:
"Unix" versions of BIND 9.7.x, 9.8.0 -> 9.8.5b1, 9.9.0 -> 9.9.3b1. (Windows versions are not affected. Versions of BIND 9 prior to BIND 9.7.0 (including BIND 9.6-ESV) are not affected. BIND 10 is not affected.)

Workarounds:
Patched versions are available or operators can prevent exploitation of this bug in any affected version of BIND 9 by compiling without regular expression support.

Active exploits:
No known active exploits.


kickass69
join:2002-06-03
Lake Hopatcong, NJ

kickass69 to Cartel

Member

to Cartel
A rare instance where Windows isn't affected by a widespread vulnerability.
HELLFIRE
MVM
join:2009-11-25

HELLFIRE

MVM

...so why doesn't this rate a mention on the 6 o'clock news? Oh right... "what's BIND? Who cares... next story!" goes the newsroom editor.

Regards