High-risk internet server exploit goes wild

Summary: An active Bind 9 exploit that a hacker could use to crash internet servers is in wide circulation, according to the Internet Systems Consortium.

An exploit that a hacker could use to crash internet servers is being used in the wild.

The exploit targets a vulnerability in Bind 9, the most widely used DNS server standard, warned the Internet Systems Consortium (ISC) on Tuesday. ISC is the organisation that supports Bind.

The hole in Bind 9 has no workaround. Administrators must upgrade to Bind versions 9.4.3-P3, 9.5.1-P3 or 9.6.1-P1 to mitigate the threat. The exploit, which a hacker could use to launch an attack against unpatched master servers, is easily available, warned ISC.

"An active remote exploit is in wide circulation at this time," said ISC in an advisory.

The Berkeley Internet Name Domain (Bind) is the most widely used DNS server standard. Bind 9 was coded to overcome security issues associated with Bind, and supports DNS Security Extensions (DNSSEC), or encrypted DNS.

The Bind 9 dynamic update DoS vulnerability affects master servers for one or more zones. Receipt of a specially crafted dynamic update message may cause Bind 9 master servers to crash, said ISC.
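Because there is no workaround, the practical first step is finding which servers are still below the fixed releases named above. The following is an added example, not code from ISC or the article: it classifies version strings against 9.4.3-P3, 9.5.1-P3 and 9.6.1-P1. The inventory format and hostnames are constructed, and it assumes that later releases on the same branch carry the fix.

```python
import re

# Fixed releases named in the article, keyed by branch (major, minor).
# Value is (patch, P-level): 9.4.3-P3 -> (9, 4): (3, 3).
FIXED = {(9, 4): (3, 3), (9, 5): (1, 3), (9, 6): (1, 1)}

# Accepts "9.5.1" or "9.5.1-P2", with an optional leading "BIND ".
VERSION_RE = re.compile(r"^(?:BIND\s+)?(\d+)\.(\d+)\.(\d+)(?:-P(\d+))?$")


def classify(version):
    """Return 'patched', 'needs-upgrade' or 'unknown' for a version string."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return "unknown"  # alpha/beta/rc or vendor-suffixed builds: check by hand
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    plevel = int(m.group(4) or 0)
    fixed = FIXED.get((major, minor))
    if fixed is None:
        return "unknown"  # the article names no fixed release for this branch
    # Assumption: later releases on the same branch include the fix.
    return "patched" if (patch, plevel) >= fixed else "needs-upgrade"


def audit(inventory):
    """Return (urgent, review): unpatched masters, and hosts to check by hand."""
    urgent, review = [], []
    for host, version, is_master in inventory:
        status = classify(version)
        if status == "needs-upgrade" and is_master:
            urgent.append(host)  # masters are what the advisory says can crash
        elif status != "patched":
            review.append(host)
    return urgent, review


# Constructed sample inventory: (host, reported version, is master for a zone).
SAMPLE = [
    ("ns1.example.net", "BIND 9.5.1-P2", True),
    ("ns2.example.net", "9.6.1-P1", True),
    ("ns3.example.net", "9.4.3-P2", False),
    ("ns4.example.net", "9.3.6", True),
]

if __name__ == "__main__":
    urgent, review = audit(SAMPLE)
    print("upgrade first:", urgent)
    print("check by hand:", review)
```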

Tom Espiner

  • One DNS Provider's story

    There has been a lot of coverage about the exploit itself, but I haven't seen a lot of chatter from the user community about their response to this vulnerability.

    At Dyn Inc, we immediately patched our BIND servers. It is now a full 36 hours after the vulnerability was announced, but it appears that many hosting providers and ISPs have not yet addressed the issue.

    You can read about our experience, the part we played in helping to define the parameters of the vulnerability, and get a quick how-to update for FreeBSD at our blog:
  • Hmmm..

    Interesting, so best defense is awareness in this case.