Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

ISC Issues Fix for Server-Crashing Vulnerability in BIND

The Internet Software Consortium (ISC) has issued a fix for a bug in the BIND server software that has triggered crashes at organizations across the Internet.

The Internet Software Consortium (ISC) has issued a fix for a bug in the BIND server software that has triggered crashes at organizations across the Internet.

The ISC is still investigating the problem, which is known to affect all currently supported versions of BIND. The ISC, which maintains the popular DNS software, stated that a number of organizations have reported crashes interrupting service on BIND 9 nameservers performing recursive queries.

According to the ISC, an as-yet unidentified network event caused BIND 9 resolvers to cache an invalid record. Subsequent queries for the record would crash the resolvers with an assertion failure. The situation could potentially be exploited by an attacker to cause a denial-of-service (DoS).

“Affected servers crashed after logging an error in query.c with the following message: “INSIST(! dns_rdataset_isassociated(sigrdataset))” Multiple versions were reported being affected, including all currently supported release versions of ISC BIND 9,” according to the ISC advisory.

“ISC is working on determining the ultimate cause by which a record with this particular inconsistency is cached,” the advisory continues. “At this time we are making available a patch which makes named recover gracefully from the inconsistency, preventing the abnormal exit.”

Organizations are advised to upgrade BIND to one of the following patched versions: BIND 9.8.1-P1, 9.7.4-P1, 9.6-ESV-R5-P1 or 9.4-ESV-R5-P1.

Written By

Click to comment

Expert Insights

Related Content

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Vulnerabilities

Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Vulnerabilities

Several vulnerabilities have been patched in OpenText’s enterprise content management (ECM) product.

Vulnerabilities

Google has awarded more than $25,000 to the researchers who reported the vulnerabilities patched with the release of the latest Chrome update.