Spotlight | Reviews | Current Issue | Academy | Newsletter | Subscribe | Shop |
Departments

Partner Links
Make your own website
WinWeb OnlineOffice
Comparing prices of hardware is worth it.
Price Comparison
UK Linux Jobs
What:
Where:
Country:
vacatures Netherlands njobs Linux vacatures
arbeit Deutschland njobs Linux arbeit
work United Kingdom njobs Linux jobs
Lavoro Italia njobs Linux lavoro
Emploi France njobs Linux emploi
trabajo Espana njobs Linux trabajo

user friendly

Admin Magazine

ADMIN Network & Security

Subscribe now and save!

ADMIN - Explore the new world of system administration! Special introductory offer! Order by September 30th to save 10% off the regular subscription price! Each issue delivers technical solutions to the real-world problems you face every day. Learn the latest techniques for better:

  • network security
  • system management
  • troubleshooting
  • performance tuning
  • virtualization
  • cloud computing

 

on Windows, Linux, Solaris, and popular varieties of Unix.

http://www.admin-magazine.com/

  linux-magazine.com » Online » News » DoS Attack Exploit in BIND 9  

Print this page. Recommend
Share

DoS Attack Exploit in BIND 9

A specially crafted dynamic update message to a DNS zone for which the server is a master can raise havoc in BIND 9. An active remote exploit is already "in wide circulation."

All BIND 9 versions are affected, hence a recommended immediate update to 9.4.3-P3, 9.5.1-P3 or 9.6.1-P1. A number of Linux distros have already reacted with updated versions, among them Debian and Ubuntu.

A certain NSUPDATE from an unauthenticated attacker can bring the entire server down, creating a denial-of-service (DoS) condition. The security bulletin indicates that the vulnerability "affects all servers and is not limited to those that are configured to allow dynamic updates." The only mitigating condition is that the attack works only against DNS master servers for one or more zones and not against slave servers.

Downloads of the recommended BIND patches are available in the ISC security bulletin.

(Ulrich Bantle)

Comments


Print this page. Recommend
Share
Related Articles
Nouveau Becomes NVIDIA's New Standard Driver
Script Error Opens up Security Hole in Xen 3.0.3
Canonical Chief Designer Hits the Road
Vulnerabilities in Xine-Lib and Mplayer
Hildon vs. QT: Developers at Ubuntu Mobile consider Change to KDE
Ubuntu Karmic Koala Enters Beta Test
Rikki's Open Source Exchange

Stop by Rikki's Open Source Exchange for dispatches from the world of women in open source.

Rikki Kite examines the experience of women across the spectrum of open source –
the people, projects, organizations, events, articles, issues, and news.

more...