ISC updates critical DoS bug in BIND DNS software

By September 30, 2016 News

By Fahmida Y. Rashid The Internet Systems Consortium (ISC) patched two vulnerabilities in domain name system software BIND, one of which was referred to as a “critical error condition” in the software.BIND is the most commonly deployed DNS server on the internet, translating domain names into IP addresses so that users can access applications and remote servers without having to track IP addresses. BIND is the de facto standard on Linux and other Unix-based machines; a vulnerability in the software affects a large number of servers and applications.[ Also on InfoWorld: 19 open source GitHub projects for security pros. | Discover how to secure your systems with InfoWorld’s Security newsletter. ]The latest BIND update, versions 9.9.9-P3, 9.10.4-P3, and 9.11.0rc3, patched a denial-of-service flaw (CVE-2016-2776) that could be exploited using specially crafted DNS request packets. The issue was uncovered internally by ISC and affects all servers that can receive request packets from any source, ISC said in its advisory. Affected versions include 9.0.x to 9.8.x, 9.9.0 to 9.9.9-P2, 9.9.3-S1 to 9.9.9-S3, 9.10.0 to 9.10.4-P2, and 9.11.0a1 to 9.11.0rc1.To read this article in full or to leave a comment, please click here …read more

Pin It on Pinterest

Share This