Slashdot Mirror

← Back to Stories (view on slashdot.org)

Potential 0-Day Vulnerability For BIND 9

Posted by Soulskill on from the bind-your-own-business dept.

Morty writes "BIND, the popular DNS server software, has been crashing all over the Internet. The root cause is believed to be a 0-day vulnerability in BIND's resolver. The ISC has issued an alert. Quoting: 'An as-yet unidentified network event caused BIND 9 resolvers to cache an invalid record, subsequent queries for which could crash the resolvers with an assertion failure. ISC is working on determining the ultimate cause by which a record with this particular inconsistency is cached. At this time we are making available a patch which makes named recover gracefully from the inconsistency, preventing the abnormal exit.'"

4 of 187 comments (clear)

  1. Re:Impossible! by 1s44c · · Score: 5, Insightful

    It's open source, and has had years to mature...so many eyes on it that this couldn't possibly happen.

    We don't even know what is happening yet. Maybe it's just a DOS, maybe it's a potential exploit. What we do know is that no-one has any need to put recursive DNS servers on the internet unless they are running an ISP or a DNS service.

  2. Re:Open sores == fail by NoNonAlphaCharsHere · · Score: 5, Insightful

    I can see this is going to be a long thread full of trolls about open source, but the fact of the matter is that an application "crashing" (really ABENDing) due to an assertion failure is actually a sign of software doing what it was designed to do. Assert statements are used to check for "impossible" conditions, and have the program scream and die if one is found. So what we have here is a careful programmer's backstop doing its job.

  3. Tip of the iceberg by mseeger · · Score: 4, Insightful

    The "assertion"-problem is only tip of the iceberg.

    If an assertion fails, this usually means that someone managed to make the code behave in an unintended way. Since the affect occurred simultaneously at several providers all over the world, this indicates a coordinated attack. The chances are real, someone managed to exploit a buffer overflow (or similar) in BIND.

    So we have to look seriously into the possibility that people have a way to execute code with the same permissions as BIND has.

    When i got the information this morning, this was an alert topic.

    Yours, Martin

  4. Re:Open resolvers by Short+Circuit · · Score: 4, Insightful

    More likely, the unusual TXT lookups were someone streaming IP over DNS.

    --
    tasks(723) drafts(105) languages(484) examples(29106)