Critical Bug in BIND Server Could Bring Down Internet

A remote denial-of-service vulnerability exposes BIND servers; it affects every DNS server online that uses the popular BIND software. The latest critical bug in the widely used DNS server underscores its fragility.
After Heartbleed and the FREAK vulnerability, which put the whole Internet under threat, another critical flaw has now been discovered in BIND (Berkeley Internet Name Domain), the most widely used software for translating domain names into the IP addresses used by servers.

The vulnerability is critical because attackers can bring down huge swaths of the Internet. It resides in all major versions of the software: 9.1.0 to 9.8.x, 9.9.0 to 9.9.7-P1, and 9.10.0 to 9.10.2-P2. Attackers can exploit it by sending vulnerable servers a malformed packet that's trivial to create. Successful exploitation of the flaw completely crashes the server.
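To check an inventory of name servers against the version ranges listed above, the following added example (not code from ISC or from this article) parses BIND version strings, such as those printed by `named -v`, and reports which fall inside the listed ranges. The hostnames and banners are constructed sample data, and the function names are this example's own.

```python
import re

# Affected ranges as listed in the article, inclusive. A version is the tuple
# (major, minor, patch, P-level); "9.8.x" is modelled as an open-ended patch.
ANY = 10**6
AFFECTED_RANGES = [
    ((9, 1, 0, 0), (9, 8, ANY, ANY)),   # 9.1.0 to 9.8.x
    ((9, 9, 0, 0), (9, 9, 7, 1)),       # 9.9.0 to 9.9.7-P1
    ((9, 10, 0, 0), (9, 10, 2, 2)),     # 9.10.0 to 9.10.2-P2
]

# Matches "9.9.7-P1", "9.10.2", and two-part forms such as "9.6-ESV-R11".
VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-P(\d+))?")


def parse_bind_version(text):
    """Return (major, minor, patch, P-level), or None if no version is found."""
    m = VERSION_RE.search(text)
    if m is None:
        return None
    return tuple(int(g or 0) for g in m.groups())


def in_affected_range(text):
    """True/False for a parsed version, None when the string cannot be parsed."""
    version = parse_bind_version(text)
    if version is None:
        return None
    return any(lo <= version <= hi for lo, hi in AFFECTED_RANGES)


def triage(inventory):
    """Map each host to 'affected', 'not listed' or 'unknown'."""
    labels = {True: "affected", False: "not listed", None: "unknown"}
    return {host: labels[in_affected_range(banner)] for host, banner in inventory.items()}


# Constructed inventory: hostnames and banners are made up for this example.
SAMPLE_INVENTORY = {
    "ns1.example.test": "BIND 9.9.7-P1 (Extended Support Version)",
    "ns2.example.test": "BIND 9.10.2-P3",
    "ns3.example.test": "BIND 9.6-ESV-R11",
    "ns4.example.test": "version string hidden",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Distribution packages often backport fixes without changing the upstream version number, so treat an "affected" result as a prompt to check the package changelog rather than as proof.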

Normally, denial-of-service bugs receive low-severity ratings, but when they're present in servers that form the Internet's very core, the risks are much higher. Lead investigator Michael McNally from the Internet Systems Consortium (ISC) said in a security advisory that the bug, CVE-2015-5477, is a critical issue which can allow hijackers to send malicious packets to knock out email systems, websites and other online services.

The advisory says the bug, awarded a CVSS score of 7.8, could affect large swathes of the Internet and is caused by "an error in the handling of [transaction key records] TKEY queries can be exploited by an attacker for use as a denial-of-service vector, as a constructed packet can use the defect to trigger a REQUIRE assertion failure, causing BIND to exit."

Rob Graham, CEO of penetration testing firm Errata Security, reviewed some of the BIND source code and the advisory that BIND developers issued earlier this week:
BIND9 is the oldest and most popular DNS server. Today, a DoS vulnerability was announced that would crash the server with a simply crafted query. I could use my "masscan" tool to blanket the Internet with those packets and crash all publicly facing BIND9 DNS servers in about an hour. A single vuln doesn't mean much, but if you look at the recent BIND9 vulns, you see a pattern forming. BIND9 has lots of problems—problems that critical infrastructure software should not have.