Massive DNS bug allows easy DoS attack

The Internet Systems Consortium (ISC) recently released a security patch for Bind, a domain name system (DNS) server used by websites and hosting services.

It fixed an issue in Bind which allowed attackers to crash it, which could make a website unreachable to visitors.

DNS resolves a domain name, such as mybroadband.co.za, into the IP address of the server where the associated website or service is located.

Security vendor Sucuri explained that DNS is a critical part of Internet infrastructure. If you knock the name servers of a domain offline, e-mail, HTTP, and other services linked to that domain will be unavailable.

The vulnerability exists because of the way Bind handles TKEY queries. According to Sucuri, a single UDP packet can trigger an assertion failure, causing the DNS daemon to exit.

Although the ISC released a patch along with security advisory CVE–2015–5477, sites remain unpatched.

It said patches are available for all major Linux distributions, and can be installed with commands (“yum update” on Red Hat/Centos and “apt-get update” on Debian-based systems).

Sucuri said those who run their own DNS servers must look for any type of TKEY request in their DNS logs to see if they are being targeted.

Hackers are costing South Africa millions

Apple OS X vulnerable to big 0-day security flaw

Trust in government departments, private companies leads to identity theft

Your Android smartphone can be hacked with one message

Latest news

Partner Content

Show comments

Recommended

Share this article
Massive DNS bug allows easy DoS attack