Resultados 1 a 2 de 2
  1. #1
    WHT-BR Top Member
    Data de Ingresso
    Dec 2010

    High severity error in BIND

    ISC Patches Critical Error Condition in BIND

    Chris Brook
    September 28, 2016

    The Internet Systems Consortium patched the BIND domain name system this week, addressing what it calls a critical error condition in the software. A security advisory on ISC’s Knowledge Base on Tuesday acknowledges an attacker can exploit the vulnerability remotely and likely for that reason, marks the issue as high severity.

    The issue stems from a defect in the rendering of messages into packets when a nameserver is constructing a response, according to the ISC, which has maintained BIND since 2012.

    The bug affects a handful of versions of the software, including versions 9.0.x to 9.8.x, 9.9.0 to 9.9.9-P2, 9.9.3-S1 to 9.9.9-S3, 9.10.0 to 9.10.4-P2, and 9.11.0a1 to 9.11.0rc1.

    If exploited, the vulnerability can lead to “an assertion failure in buffer.c while constructing a response to a query that meets certain criteria,” ISC warns, adding that it can be triggered “even if the apparent source address isn’t allowed to make queries (i.e. doesn’t match ‘allow-query’).”

    While the ISC claims the vulnerability isn’t being exploited in the wild, it’s still cautioning that all servers, assuming they can receive request packets from any source, are vulnerable.

    Users running BIND 9 are being urged to update to either version 9.9.9-P3, version 9.10.4-P3, or version 9.11.0rc3 – whichever release matches closest to their current version.

    BIND is the most ubiquitous Domain Name System (DNS) software deployed on the Internet. Despite being so widespread, this is the seventh vulnerability identified in the software so far this year. Before this, the most recent issue, which surfaced in July, revolved around a less pressing error that could have led to a denial of service condition in BIND’s implementation of the lightweight resolver protocol.
    Última edição por 5ms; 28-09-2016 às 19:49.

  2. #2
    WHT-BR Top Member
    Data de Ingresso
    Dec 2010
    Mesmo sem rodar BIND, o pacote dnsutils e outros requerem atualização no Debian 8:

    The following packages will be upgraded:
    bind9-host bind9utils dnsutils host libbind9-90 libdns-export100 libdns100 libirs-export91
    libisc-export95 libisc95 libisccc90 libisccfg-export90 libisccfg90 liblwres90

Permissões de Postagem

  • Você não pode iniciar novos tópicos
  • Você não pode enviar respostas
  • Você não pode enviar anexos
  • Você não pode editar suas mensagens