Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Networking Security The Internet

Critical BIND Denial-of-Service Flaw Could Take Down DNS Servers 68

alphadogg writes: Attackers could exploit a new vulnerability in BIND, the most popular Domain Name System (DNS) server software, to disrupt the Internet for many users. The vulnerability affects all versions of BIND 9, from BIND 9.1.0 to BIND 9.10.2-P2, and can be exploited to crash DNS servers that are powered by the software. The vulnerability announced and patched by the Internet Systems Consortium is critical because it can be used to crash both authoritative and recursive DNS servers with a single packet.
This discussion has been archived. No new comments can be posted.

Critical BIND Denial-of-Service Flaw Could Take Down DNS Servers

Comments Filter:
  • by bill_mcgonigle ( 4333 ) * on Friday July 31, 2015 @05:26PM (#50226945) Homepage Journal

    I noticed this on Google News yesterday - checked a CentOS 7 box to find that yum had installed the patch overnight on 7/28 and systemd had restarted named for me. Good work, everybody. Make sure your updates are working.
    Oh, hai dollar-short Slashdot.

  • by Demonoid-Penguin ( 1669014 ) on Friday July 31, 2015 @05:28PM (#50226957) Homepage

    Patched updates rolled out long before /. reported it (shock, horror).
    If Debian [packetstormsecurity.net] is any guide most distros have already done the same and anyone running unattended-updates for security patches has been updated for several days (25th).

  • by Anonymous Coward

    The US Gov knew and published this on the 28th. Way to be 3 days late, an no doubt why /. is more than a dollar short.

    https://www.us-cert.gov/ncas/current-activity [us-cert.gov]

  • Bind is how old now? So does this put it back in the critical flaw lead, or is that position still held by Sendmail?
    • by amorsen ( 7485 )

      Bind has been rewritten practically from scratch multiple times. This has strangely not helped security as much as one would hope...

      To be fair, at least they are mostly DoS bugs, not root-in-one-packet like in the good old days. At least we hope they are.

  • A heads up for those running CentOS 6.6. This issue is not patched by default (because CentOS is in the midst of the transition from 6.6 to 6.7). Sysadmins using bog-standard CentOS 6.6 bind will need to enable the continuous release (CR) repository and update bind using that.

    See the CentOS 6 Security Support forum post CVE-2015-5477 patch for centos 6 [centos.org]

    Wondering if this issue is serious enough to warrant the CentOS folk putting some patched bind rpms in the CentOS 6.6 updates repo? My guess is that a lot of

    • by Anonymous Coward

      Right, it's because Centos 6.7 hasn't been released yet and Red Hat has't made upgrade for RHEL 6.6.

      Thus if you had RHEL 6.6 and hadn't yet upgraded 6.7 you would have same situation.

      But, fortunately there is a solution available, which you may choose to take. Upgrade to continuous release version and get upgrades from there before official point release is available.

      What you need to do is simply

      # yum install centos-release-cr

      Make sure you have enough free space available for several hundred packaces (/var/

  • by tlhIngan ( 30335 ) <slashdot@worf.ERDOSnet minus math_god> on Saturday August 01, 2015 @01:18AM (#50228257)

    Don't you just long for the days when sendmail and bind would be always in the news because of some flaw or other? Heck, didn't we all run alternatives because sendmail and bind were so buggy...

    How long has it been since we last had a Bind security issue...

Think of it! With VLSI we can pack 100 ENIACs in 1 sq. cm.!

Working...