CERT and ISC warn about BIND9 DNS vulnerability

The Internet Systems Consortium and United States Computer Emergency Readiness Team are warning about a vulnerability discovered in the Berkeley Internet Name Domain 9 Domain Name Server code that could be exploited to cause a system crash.

11 security companies to watch

There is also believed to be an attack script floating around in the wild that could be used to exploit the vulnerability. "It's a zero-day exploit and you need to patch BIND9 immediately," says Richard Hyatt, co-founder of Toronto-based BlueCat Networks, which Wednesday released a patch that can be applied to its DNS products for the vulnerability.

The CERT advisory, first issued July 28 and updatedWednesday, lists sources of BIND9 implementations that may be vulnerable. Ubuntu is reported as vulnerable, for instance, but Nominum is said not to be. The list is expected to be updated periodically.

"By sending a specially-crafted packet to a BIND9 Server, a remote unauthenticated attacker can cause a denial of service, causing BIND to crash," according to the US-CERT advisory.

According to Hyatt, this attack can be carried out by sending one packet for a dynamic DNS update, "and it doesn't matter whether the server supports dynamic updates or not."

A single packet could crash the BIND9 DNS Server, which would have to be restarted manually. The problem impacts both authoritative and recursive BIND9 DNS Servers, says Hyatt, who believes there are tens of millions of DNS Servers that are probably vulnerable to the denial-of-service attack.

There is the potential for worm-based attack over the next few days to exploit this vulnerability before systems are patched, Hyatt says.