Slashdot Mirror

← Back to Stories (view on slashdot.org)

New DoS Vulnerability In All Versions of BIND 9

Posted by kdawson on from the binding-with-briars-my-joys-and-desires dept.

Icemaann writes "ISC is reporting that a new, remotely exploitable vulnerability has been found in all versions of BIND 9. A specially crafted dynamic update packet will make BIND die with an assertion error. There is an exploit in the wild and there are no access control workarounds. Red Hat claims that the exploit does not affect BIND servers that do not allow dynamic updates, but the ISC post refutes that. This is a high-priority vulnerability and DNS operators will want to upgrade BIND to the latest patch level."

8 of 197 comments (clear)

  1. For goodness sake upgrade.... by syousef · · Score: 4, Funny

    ...to Windows! DOS is just so 80's and 90's it's not funny.

    (Suggested mod: +1 funny)

    --
    These posts express my own personal views, not those of my employer
  2. djb by dickens · · Score: 4, Funny

    Somewhere I think djb is managing to both smile and raise his eyebrows simultaneously.

  3. Re:Interesting by Minwee · · Score: 5, Funny

    It is now.

    This vulnerability also gives the three people running DJB DNS a much needed opportunity for some smugness.

  4. Re:Interesting by kriebz · · Score: 5, Funny

    I was under the impression they had smugness to spare.

  5. Re:Ain't what it used to be.... by FishWithAHammer · · Score: 3, Funny

    I never heard that one, but please tell me it stands for "Right Fucking Now."

    --
    "You can either have software quality or you can have pointer arithmetic, but you cannot have both at the same time."
  6. Smug by TheLink · · Score: 3, Funny

    Smugness to spare? My smugness was overflowing more than BIND9 buffers.

    Great opportunity to vent some smugness today :).

    --
  7. Re:All versions of Bind 9? by tygerstripes · · Score: 5, Funny

    But it's a DOS vulnerability!!! Sheesh, read the title...

    --
    Meta will eat itself
  8. Re:It's because it works, & I believe in every by ShakaUVM · · Score: 4, Funny

    My approach isn't stupid in regards to that. Free? That's a "pretty good price", wouldn't YOU say? And, you're also FREE to customize it, & thus, YOUR PERSONALIZED VERSION OF A CUSTOM HOSTS FILE, JUST GOES ALONG WITH YOUR PERSONALIZED SPED UP & SAFER VERSION OF THE INTERNET... &, just as YOU see fit & like, easily. Notepad.exe for instance? My gosh - lol, just "does wonders" here, on this account... lol!

    Are you the ghost of Billy Mays?