named in ISC BIND 9.x prior to 9.9.7-P2 and 9.10.x prior to 9.10.2-P3 allows remote malicious users to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
isc bind |
Tardy on the patch? GET BUSY
Security bods are nagging anyone running BIND to install last week's patch, as active exploits have started to appear in the wild. That information comes from Sucuri's Daniel Cid, who writes that "attacks have begun," based on reports from the company's customers that they were experiencing DNS server crashes. The patch is straightforward for anyone running Linux-based DNS servers. Ubuntu, Red Hat, CentOS, and Debian have all caught up with the bug, so patching is straightforward – yum update ...
Easy to hack universal remote BIND DoS hole leaves DNS open to attack
Gird your loins internet: Attackers now have the ability to disrupt large swathes of the web through a remote denial of service vulnerability found in the most widely used software for DNS servers. The BIND bug (CVE-2015-5477) patched overnight affects all DNS servers running the software, and can be attacked with ease. In fact a researcher has already developed an attack capable of knocking servers offline with a single packet. Internet Systems Consortium Michael McNally, lead investigator for ...