http://www.theregister.co.uk/2011/11/16/bind_in_a_bind_again/ By Richard Chirgwin The Register 16th November 2011 Updated - The Internet Systems Consortium is advising BIND users to update immediately to protect against a bug that may already be under attack to crash vulnerable servers. The ISC says an unidentified network event caused BIND 9 resolvers to cache an invalid record, and when subsequent queries requested the invalid record, the servers crashed with the following assertion failure: INSIST(! dns_rdataset_isassociated(sigrdataset)). It’s also apparently being exploited to attack networks, with multiple members of the BIND users email list from Germany, France and the US reporting simultaneous crashes across multiple servers. The ISC describes the bug as a potential zero-day exploit with no workaround, and urges immediate upgrade to BIND 9.8.1-P1, 9.7.4-P1, 9.6-ESV-R5-P1, or 9.4-ESV-R5-P1. [...] _____________________________________________________ Subscribe to InfoSec News - www.infosecnews.org http://www.infosecnews.org/mailman/listinfo/isnReceived on Thu Nov 17 2011 - 02:40:22 PST
This archive was generated by hypermail 2.2.0 : Thu Nov 17 2011 - 02:44:36 PST