LxCenter Forum: LxCenter Announcements » Bind9 Zero day exploit

HyperVM & Kloxo Support

Forum

Members

Help

Home

Home » LxCenter » LxCenter Announcements » Bind9 Zero day exploit - CVE-2011-4313(Domain Name Server, DNS)

Show: Today's Messages :: Show Polls :: Message Navigator

Bind9 Zero day exploit - CVE-2011-4313 [message #91178]

Fri, 18 November 2011 06:10

LxCenter_Danny

Messages: 2068
Registered: July 2007
Location: Netherlands

Grandmaster
LxCenter Core Team Member
LxCenter Representative

It is urgent to update your Bind Domain Name Service package now if your HyperVM/Kloxo uses Bind as Domain Name Server. It is a world wide request, there where already several attacks on major big DNS systems. If the attack is successfull then your DNS server does not serve any requests anymore so all your hosted domains will be un reachable.

CentOS 4: yum update bind
CentOS 5: yum update bind

CentOS 6: The new bind package is in the CR repo

BIND 9 Resolver crashes after logging an error in query.c

Summary:
Organizations across the Internet reported crashes interrupting service on BIND 9 nameservers performing recursive queries. Affected servers crashed after logging an error in query.c with the following message: "INSIST(! dns_rdataset_isassociated(sigrdataset))" Multiple versions were reported being affected, including all currently supported release versions of ISC BIND 9. ISC is actively investigating the root cause and has produced patches which prevent the crash. Further information will be made available soon.

CVE: CVE-2011-4313
Document Version: 1.2.1
Posting date: 16 Nov 2011
Program Impacted: BIND
Versions affected: 9.4-ESV (all), 9.6-ESV (all), 9.7 (all), 9.8 (all)
Severity: Serious
Exploitable: Remotely