{"id":2447,"date":"2013-03-29T00:00:00","date_gmt":"2013-03-29T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2013\/03\/29\/critical-denial-of-service-flaw-in-bind-software-puts-dns-servers-at-risk\/"},"modified":"2021-12-30T11:41:21","modified_gmt":"2021-12-30T11:41:21","slug":"critical-denial-of-service-flaw-in-bind-software-puts-dns-servers-at-risk","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2013\/03\/29\/critical-denial-of-service-flaw-in-bind-software-puts-dns-servers-at-risk\/","title":{"rendered":"Critical denial-of-service flaw in BIND software puts DNS servers at risk"},"content":{"rendered":"","protected":false},"excerpt":{"rendered":"<p>A flaw in the widely used BIND DNS (Domain Name System) software can be exploited by remote attackers to crash DNS servers and affect the operation of other programs running on the same machines.\u00a0BIND versions 9.7.x, 9.8.0 up to 9.8.5b1 and 9.9.0 up to 9.9.3b1 for UNIX-like systems are vulnerable, according to a security advisory published Tuesday by the Internet Systems Consortium (ISC), a nonprofit corporation that develops and maintains the software.<\/p>\n<p>The vulnerability can be exploited by sending specifically crafted requests to vulnerable installations of BIND that would cause the DNS server process\u2014the name daemon, known as \u201cnamed\u201d\u2014to consume excessive memory resources.<\/p>\n<p>\u201cHowever, at the time of this advisory, BIND 10 is not \u2018feature complete,\u2019 and depending on your deployment needs, may not be a suitable replacement for BIND 9.\u201d\u00a0<\/p>\n<p>\u201cIt took me approximately ten minutes of work to go from reading the ISC advisory for the first time to developing a working exploit,\u201d a user named Daniel Franke said in a message sent to the Full Disclosure security mailing list on Wednesday.\u00a0Franke is not the only one possible, and that operators of *ANY* recursive *OR* authoritative nameservers running an unpatched installation of an affected version of BIND should consider themselves vulnerable to this security issue,\u201d Wright said. &#8230; Franke\u2019s comment, which is that the required complexity of the exploit for this vulnerability is not high, and immediate action is recommended to ensure your nameservers are not at risk.\u201d<\/p>\n<p>This bug could be a serious threat considering the widespread use of BIND 9, according to Dan Holden, director of the security engineering and response team at DDoS mitigation vendor Arbor Networks.<\/p>\n<p>&#8230;Several security companies said earlier this week that a recent distributed denial-of-service (DDoS) attack targeting an anti-spam organization was the largest in history and affected critical Internet infrastructure.<\/p>\n<p>\u201cIf operators are relying on inline detection and mitigation, very few security research organizations are proactive about developing their own proof-of-concept code on which to base a mitigation upon,\u201d Holden said.<\/p>\n<p>Link:\u00a0http:\/\/www.computerworld.com\/s\/article\/print\/9238002\/Critical_denial_of_service_flaw_in_BIND_software_puts_DNS_servers_at_risk?taxonomyName=Malware+and+Vulnerabilities&amp;taxonomyId=85<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13],"tags":[],"class_list":["post-2447","post","type-post","status-publish","format-standard","hentry","category-warnings"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2447","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=2447"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2447\/revisions"}],"predecessor-version":[{"id":4934,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2447\/revisions\/4934"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=2447"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=2447"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=2447"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}