Feeds

Severe bug deadlocks BIND

DNS lookup system peril

The smart choice: opportunity from uncertainty

Developers have published a fix to tackle a high-risk flaw in BIND, the widely used Domain Name Services (DNS) software. The flaw creates a potential mechanism for miscreants to crash systems running vulnerable version of the name-to-IP-address translation software.

Left unaddressed, the vulnerability can provide a means to cause BIND servers to deadlock and stop processing requests. Authoritative name servers can be pushed into a deadlock condition when processing incremental zone transfer (IXFR) updates. These updates deal with recent changes in DNS records, with unchanged records omitted to save bandwidth and processing power.

An advisory by the Internet Systems Consortium (ISC) explains: "When an authoritative server processes a successful IXFR transfer or a dynamic update, there is a small window of time during which the IXFR/update coupled with a query may cause a deadlock to occur.

"This deadlock will cause the server to stop processing all requests. A high query rate and/or a high update rate will increase the probability of this condition."

Attacks on the authoritative name servers that underpin the net's "yellow page" system have the potential to severely disrupt internet surfing, even though those users could still reach websites by using the IP address instead of name of the site they wanted to reach.

The flaw – discovered by net software firm Neustar – affects BIND version 9.7.1 and 9.7.2. Neither earlier versions of BIND nor BIND 9.8 are vulnerable.

No exploits against the vulnerability exist, but sysadmins are still being urged to update to BIND version 9.7.3, which addresses the flaw. ®

Designing a Defense for Mobile Applications

More from The Register

next story
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Captain Kirk sets phaser to SLAUGHTER after trying new Facebook app
William Shatner less-than-impressed by Zuck's celebrity-only app
Do YOU work at Microsoft? Um. Are you SURE about that?
Nokia and marketing types first to get the bullet, says report
Microsoft takes on Chromebook with low-cost Windows laptops
Redmond's chief salesman: We're taking 'hard' decisions
Cheer up, Nokia fans. It can start making mobes again in 18 months
The real winner of the Nokia sale is *drumroll* ... Nokia
EU dons gloves, pokes Google's deals with Android mobe makers
El Reg cops a squint at investigatory letters
Chrome browser has been DRAINING PC batteries for YEARS
Google is only now fixing ancient, energy-sapping bug
prev story

Whitepapers

Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.