ISC BIND 9 vulnerable to denial of service via dynamic update request

**pubdomains.in** · 07-30-2009, 09:10 AM

The Berkeley Internet Name Domain (BIND) is a popular Domain Name System (DNS) implementation from Internet Systems Consortium (ISC). It includes support for dynamic DNS updates as specified in IETF RFC 2136. BIND 9 can crash when processing a specially-crafted dynamic update packet. ISC notes that this vulnerability affects all servers that are masters for one or more zones and is not limited to those that are configured to allow dynamic updates. ISC also indicates that the attack packet has to be constructed for a zone for which the target system is configured as a master; launching the attack against slave zones does not trigger the vulnerability.

CERT
ISC

**Jeff** · 07-31-2009, 12:45 AM

Can you translate that into English

**Ceres** · 07-31-2009, 12:51 AM

Originally Posted by Jeff

Can you translate that into English

Whew, I thought I was the only one who could not understand a word of that.

Pubdomains.in, I'm guessing you're an expert in this area if you're able understand all that technical jargon.

**pubdomains.in** · 07-31-2009, 06:02 AM

Okies - first need to understand few basics
a. DOS attack - Denial - Of - Service : When legitimate websites are loaded with fake requests (like continuous ping to a server from 1000 machines - so that CPU gets loaded enough to stop processing other requests and eventually crashes out)

b. DNS System: Used for resolving names. Thus InForum.in translates to an IP address, and this translation from user friendly language specific words to machine readable quad IP address such as 67.228.108.241 for inforum.in

c. BIND9: Berkeley Internet Name Domain (BIND) is a popular Domain Name System (DNS). Used by multiple nameservers all across the globe.

--------------------
What the article posted by CERT advises is that a number of DNS systems using BIND9 could crash by use of malicious code that has been identified.

Directly you or I may not be controllling name servers - unless we have setup our own NameServers or DNS System. Since All website owners depend upon one or the other name servers for address resolution of our sites - there is a potential problem if the nameservers are not patched for possible DOS attack.

Good news is, that most of the name servers have been patched now after the warning was issued - and you shouldn't face any problems unless you own a DNS system and have not upgraded it to patch the hole.

HTH!!

**Ceres** · 07-31-2009, 11:57 AM

Hey thanks pubdomains.in. I understand now!

**Jeff** · 08-04-2009, 07:53 PM

Thanks pubdomains.in!

Thread: ISC BIND 9 vulnerable to denial of service via dynamic update request

LinkBack

Thread Tools

ISC BIND 9 vulnerable to denial of service via dynamic update request

Re: ISC BIND 9 vulnerable to denial of service via dynamic update request

Re: ISC BIND 9 vulnerable to denial of service via dynamic update request

Re: ISC BIND 9 vulnerable to denial of service via dynamic update request

The Following 2 Users Say Thank You to pubdomains.in For This Useful Post:

Re: ISC BIND 9 vulnerable to denial of service via dynamic update request

Re: ISC BIND 9 vulnerable to denial of service via dynamic update request

Similar Threads

MakeOK.com-Make offer from NNN$ to NNNN$ --- GOOD FOR SERVICE OR REPAIR WEBSITE.

Buy LovePatient.com-20$[Got 1 offer @ sedo] , MakeOK.com-1500$[Got 1 offer @ sedo]

MakeOK.com - Price 2000$

Tags for this Thread

Posting Permissions