ISC Releases BIND 9 Patch
ISC has released a patch for BIND 9 to protect against a recently disclosed vulnerability. The vulnerability affects all currently supported versions of BIND. No workarounds are available, and ISC is recommending that BIND installations be upgraded to the patched release. Multiple organizations have reported crashed DNS servers as a result of the vulnerability. CVE-2011-4313 has more details of the symptoms and behavior. Unconfirmed comments on the Internet Storm Center website indicate multiple educational institutions were targeted in a trial run for a much larger attack. Given the denial-of-service side effects of the vulnerability, patching should be a priority for all organizations running an affected version, especially with the upcoming holiday season. Black Friday is right around the corner, and downed DNS servers could seriously impact the high sales season.
From the ISC website:
Organizations across the Internet reported crashes interrupting service on BIND 9 nameservers performing recursive queries. Affected servers crashed after logging an error in query.c with the following message: “INSIST(! dns_rdataset_isassociated(sigrdataset))” Multiple versions were reported being affected, including all currently supported release versions of ISC BIND 9. ISC is actively investigating the root cause and has produced patches which prevent the crash. Further information will be made available soon.