- Jan 24, 2011
BIND maintainer Internet Systems Consortium (ISC) has released an update which fixes a high-risk, remotely exploitable denial-of-service vulnerability in the DNS server software.
Identified as CVE-2011-0414, the flaw affects BIND versions 9.7.1 and 9.7.2, and was discovered by Neustar, the company responsible for the .us and .biz root zones.
The flaw can be exploited by sending an IXFR transfer or a dynamic update followed by a query to the DNS server, which will cause it to lock up and fail to process further requests.
"When an authoritative server processes a successful IXFR transfer or a dynamic update, there is a small window of time during which the IXFR/update coupled with a query may cause a deadlock to occur," the ISC explains in its advisory.
The vulnerability is rated with a high severity level and has a CVSS base score of 7.1. The recommended course of action is to upgrade to the newly released BIND 9.7.3.