DoS Attack Exploit in BIND 9

Jul 29, 2009

A specially crafted dynamic update message to a DNS zone for which the server is a master can raise havoc in BIND 9. An active remote exploit is already "in wide circulation."

All BIND 9 versions are affected, hence a recommended immediate update to 9.4.3-P3, 9.5.1-P3 or 9.6.1-P1. A number of Linux distros have already reacted with updated versions, among them Debian and Ubuntu.

A certain NSUPDATE from an unauthenticated attacker can bring the entire server down, creating a denial-of-service (DoS) condition. The security bulletin indicates that the vulnerability "affects all servers and is not limited to those that are configured to allow dynamic updates." The only mitigating condition is that the attack works only against DNS master servers for one or more zones and not against slave servers.

Downloads of the recommended BIND patches are available in the ISC security bulletin.

Related content

comments powered by Disqus
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters

Support Our Work

Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.

Learn More