February 4, 2012

New DDoS Vulnerability in BIND 9

July 28 2009 by Cricket Liu (Infoblox)

In case you haven't seen the news yet, there's a serious new vulnerability in BIND 9.  A carefully tailored dynamic update can crash your BIND 9 name server.  Administrators of BIND 9 name servers - even those that don't allow dynamic updates - are advised to upgrade immediately, as exploits are already public.  You can find more information on ISC's web site.  ISC has released BIND 9.6.1-P1, 9.5.1-P3 and 9.4.3-P3 to address the vulnerability.

If you're concerned that your name server might have been the target of such an attack, examine your syslog output for lines like this:

db.c:659: REQUIRE(type != ((dns_rdatatype_t)dns_rdatatype_any)) failed
exiting (due to assertion failure).

These indicate that your name server crashed, likely because of this vulnerability.
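One way to automate the syslog check described above, as an added example (not from the original post or from ISC): it pairs the assertion line with the exit line logged by the same named process and reports when and where each crash happened. The syslog prefix layout, the function name `find_crashes` and the sample log lines are assumptions constructed for illustration; the db.c line number is matched loosely on the assumption that it can differ between builds.

```python
import re

# Assumed classic syslog prefix: "Jul 28 14:02:11 host named[pid]: message"
SYSLOG = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\snamed\[(?P<pid>\d+)\]:\s(?P<msg>.*)$")
# Assertion text quoted in the post. The line number after "db.c:" is captured
# rather than fixed at 659 (assumption: it may vary between BIND builds).
ASSERTION = re.compile(r"db\.c:(?P<line>\d+): REQUIRE\(type != "
                       r"\(\(dns_rdatatype_t\)dns_rdatatype_any\)\) failed")
EXIT_MSG = "exiting (due to assertion failure)"


def find_crashes(lines):
    """Return one record per named process that logged the assertion failure."""
    pending = {}   # (host, pid) -> record still waiting for its exit line
    crashes = []
    for raw in lines:
        m = SYSLOG.match(raw.rstrip("\n"))
        if not m:
            continue  # not a named syslog line in the assumed format
        key = (m["host"], m["pid"])
        hit = ASSERTION.search(m["msg"])
        if hit:
            rec = {"time": m["ts"], "host": m["host"], "pid": int(m["pid"]),
                   "source_line": int(hit["line"]), "exited": False}
            pending[key] = rec
            crashes.append(rec)
        elif EXIT_MSG in m["msg"] and key in pending:
            # Exit line from the same process confirms the server went down.
            pending.pop(key)["exited"] = True
    return crashes


# Constructed sample log lines (not taken from a real server).
SAMPLE = [
    "Jul 28 14:02:09 ns1 named[2314]: zone example.com/IN: loaded serial 2009072801",
    "Jul 28 14:02:11 ns1 named[2314]: db.c:659: REQUIRE(type != ((dns_rdatatype_t)dns_rdatatype_any)) failed",
    "Jul 28 14:02:11 ns1 named[2314]: exiting (due to assertion failure)",
    "Jul 28 14:05:40 ns2 named[901]: exiting (due to assertion failure)",
    "Jul 28 14:09:03 ns3 named[77]: db.c:659: REQUIRE(type != ((dns_rdatatype_t)dns_rdatatype_any)) failed",
]

if __name__ == "__main__":
    for c in find_crashes(SAMPLE):
        state = "exit confirmed" if c["exited"] else "no exit line seen"
        print(f'{c["time"]} {c["host"]} named[{c["pid"]}] db.c:{c["source_line"]} ({state})')
```

The ns2 line is ignored because an assertion exit without the db.c REQUIRE message points to a different failure, while ns3 is reported with `exited` set to false, as happens when the log is cut off before the exit line.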

More tomorrow.

Posted in DNS Security | BIND | 0 comments
