New DNS Vulnerability

Drake2007

Expert Member
Joined
Oct 23, 2008
Messages
4,408
New DNS Vulnerability Has Organizations Scrambling
Organizations using the BIND 9 DNS server are being urged to update and patch their servers to correct a zero-day vulnerability that can allow remote attackers to execute denial-of-service (DoS) attacks against them.

The Internet Systems Consortium, which maintains BIND, a widely used open source DNS server, announced last week that an exploit already is in wide circulation for the vulnerability, which can cause servers running BIND 9 to crash.

The Dynamic Update Denial of Service vulnerability was announced last week and ISC has released updates of affected versions of the server. Vendors of commercial products based on the software also are releasing patches for the vulnerability.

Patching is crucial, ISC said in announcing the vulnerability. "Access controls will not provide an effective workaround."

more on that link
 
Top