Security 10816 Published by

ExtrmeTech has posted a news story on two BIND security vulnerabilities



The Internet Software Consortium, which maintains key open source Internet software, has reported two new and serious security vulnerabilities that affect the vast majority of DNS servers now in operation on the Internet. Most distributions of Linux and UNIX are affected, as are Microsoft-based systems which are running ports of the Berkeley Internet Name Daemon, or BIND.

According to a bulletin posted on the organization's BIND security page, it is relatively easy to crash a BIND 8 server, causing denial of service. Another even more serious bug allows any domain name server running BIND 4.x or BIND 8.x (but not BIND 9) to be completely taken over by a malicious intruder.
Read more