Monday, April 1, 2013

Critically dangerous vulnerability in the BIND DNS server


A vulnerability in the popular BIND software, which is used to run domain name servers, makes it possible to bring down the system and even affect other services running on the same hardware.

This statement was made on Friday by the developers at ISC (Internet Systems Consortium), which leads the development of BIND.

ISC is a nonprofit organization that has been developing BIND for many years. It reported that the vulnerability affects only those versions of BIND that are built to run on Unix/Linux systems, while the Windows version of BIND is not affected by this problem.


According to the published information, the developers say the vulnerability lies in the handling of regular expressions, which is the responsibility of the libdns library, part of BIND. The vulnerable versions are BIND 9.7.x, 9.8.0 - 9.8.5b1 and 9.9.0 - 9.9.3b1. Note that all of the major vendors of commercial Linux and Unix-based systems released hotfixes for the DNS server on Friday or Saturday.

According to experts, what makes this vulnerability dangerous is that BIND is currently the most popular DNS server, and for Unix/Linux systems it is generally the de facto standard. BIND is also used on Solaris, Mac OS X and FreeBSD.

The vulnerability can be exploited by sending a specially crafted request that forces the BIND daemon to go beyond its allocated memory and provokes the collapse of the server, followed by access to other data on the target server. ISC notes that the bug is critically dangerous and that it affects both authoritative and recursive DNS servers.

As reported by ISC, users who do not upgrade BIND from the new sources available on the manufacturer's website need to disable the use of regular expressions by manually editing the config.h file in accordance with the instructions available at https://kb.isc.org/article/AA-00879

BIND 7.x versions are also vulnerable, but they will not be fixed because they are no longer supported. BIND 10.x versions are not affected, but so far the developer does not recommend using them on production servers.

ISC reported that it was aware of attacks on BIND servers running in real deployments. Arbor Networks, a company that provides protection from DDoS attacks, also said it knew of cases of attacks and urged users to upgrade as quickly as possible.
