Thread: BIND security update protects against serious server crash
View Single Post
  #1   (View Single Post)  
Old 17th November 2011
J65nko J65nko is offline
Administrator
  
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,132
Default BIND security update protects against serious server crash
From http://www.theregister.co.uk/2011/11..._a_bind_again/

Quote:
Updated The Internet Systems Consortium is advising BIND users to update immediately to protect against a bug that may already be under attack to crash vulnerable servers.

The ISC says an unidentified network event caused BIND 9 resolvers to cache an invalid record, and when subsequent queries requested the invalid record, the servers crashed with the following assertion failure:

INSIST(! dns_rdataset_isassociated(sigrdataset)).

It’s also apparently being exploited to attack networks, with multiple members of the BIND users email list from Germany, France and the US reporting simultaneous crashes across multiple servers.

The ISC describes the bug as a potential zero-day exploit with no workaround, and urges immediate upgrade to BIND 9.8.1-P1, 9.7.4-P1, 9.6-ESV-R5-P1, or 9.4-ESV-R5-P1.
Also see http://www.isc.org/software/bind/adv.../cve-2011-4313
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote