DNS Servers Crash Due to BIND Security Flaw

  • 17 January 2018
  • 0 replies
  • 12 views

Userlevel 7
Badge +54
By Eduard Kovacs on January 17, 2018
 
Updates released by the Internet Systems Consortium (ISC) for BIND patch a remotely exploitable security flaw that has caused some DNS servers to crash.
 
The high severity vulnerability, tracked as CVE-2017-3145, is caused by a use-after-free bug that can lead to an assertion failure and crash of the BIND name server (named) process.
 
“BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named,” ISC said in an advisory.
 
Full Article.

0 replies

Be the first to reply!

Reply