By Eduard Kovacs on December 09, 2014
BIND, the most widely used Domain Name System (DNS) software, has been updated to address several remotely exploitable vulnerabilities, the Internet Systems Consortium (ISC) announced on Monday.
One of the flaws (CVE-2014-8500), reported by Florian Maury of the French government information security agency ANSSI, can be exploited to crash BIND or cause memory exhaustion.
"By making use of maliciously-constructed zones or a rogue server, an attacker can exploit an oversight in the code BIND 9 uses to follow delegations in the Domain Name Service, causing BIND to issue unlimited queries in an attempt to follow the delegation. This can lead to resource exhaustion and denial of service (up to and including termination of the named server process)," ISC noted in an advisory.
Full Article
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.