BIND 9 Dynamic Update DoS Security Update

Posted on in Categories BIND Dns, CentOS, Debian Linux, fedora linux, FreeBSD, Howto, Linux, Networking, package management, RedHat/Fedora Linux, Security, Solaris, Suse Linux, Sys admin, UNIX, Windows server last updated July 29, 2009

BIND 9 is an implementation of the Domain Name System (DNS) protocols. named daemon is an Internet Domain Name Server for UNIX like operating systems. Dynamic update messages may be used to update records in a master zone on a nameserver. When named receives a specially crafted dynamic update message an internal assertion check is triggered which causes named to exit. An attacker which can send DNS requests to a nameserver can cause it to exit, thus creating a Denial of Service situation. configuring named to ignore dynamic updates is NOT sufficient to protect it from this vulnerability. This exploit is public. Please upgrade immediately.