Information Security News mailing list archives

BIND security update protects against serious server crash


From: InfoSec News <alerts () infosecnews org>
Date: Thu, 17 Nov 2011 04:40:22 -0600 (CST)

http://www.theregister.co.uk/2011/11/16/bind_in_a_bind_again/

By Richard Chirgwin
The Register
16th November 2011

Updated - The Internet Systems Consortium is advising BIND users to update immediately to protect against a bug that may already be under attack to crash vulnerable servers.

The ISC says an unidentified network event caused BIND 9 resolvers to cache an invalid record, and when subsequent queries requested the invalid record, the servers crashed with the following assertion failure:

INSIST(! dns_rdataset_isassociated(sigrdataset)).

It’s also apparently being exploited to attack networks, with multiple members of the BIND users email list from Germany, France and the US reporting simultaneous crashes across multiple servers.

The ISC describes the bug as a potential zero-day exploit with no workaround, and urges immediate upgrade to BIND 9.8.1-P1, 9.7.4-P1, 9.6-ESV-R5-P1, or 9.4-ESV-R5-P1.

[...]
