Hole in DNS servers warning

Security watchers have issued an alert about a serious hole in DNS servers that could see companies face denial-of-service attacks.

The vulnerability is found in version 9 of the Internet Software Consortium's BIND (Berkeley Internet Name Domain) server. If exploited, the vulnerability allows remote attackers to shut down BIND servers, according to US-based Computer Emergency Response Team (CERT).

An attacker can cause BIND servers to crash by sending a specific DNS packet, or piece of a message, designed to trigger an internal consistency check that, in turn, causes an error message and a shutdown, according to CERT.

The flaw wouldn't allow hackers to take control of the machines.

"[However] because the normal operation of most services on the Internet depends on the proper operation of DNS servers, other services could be affected if this vulnerability is exploited," the advisory stated.

The flaws are present only in BIND 9 servers using versions prior to 9.2.1, which is the upgrade version that users are encouraged to install.

As yet the Australian Computer Emergency Response Team (AusCERT) has not received any reports of businesses in Australia impacted.

Robert Mead coordination centre manager at AusCERT said, "We are not anticipating a huge impact for security sensitive environments as we are anticipating many would be running on BIND version 8. It's also not the on the current version of 9."

Mead said organisations should keep the vulnerability in perspective, adding it was "not that catastrophic".

"BIND is absolutely everywhere. Any organisation with an Internet presence has its own BIND service, or is dependent on someone else's. However, as this vulnerability only affects a subset of BIND 9 but not the current one, and many organisations are using cut down versions of 8, this limits the potential impact of the vulnerability quite significantly."

"A vulnerability that affected all versions of BIND would be serious, particularly one that allowed [an attacker] to change records or take control of machines."

Mead said most security sensitive environments have not changed over to version 9 because they don't want the extra features.

Join the newsletter!

Error: Please check your email address.

More about AusCertAustralian Computer Emergency Response TeamCERT AustraliaComputer Emergency Response TeamInternet Software Consortium

Show Comments

Market Place