Denial-of-service flaw in BIND 9 domain name servers issued with temporary patch

A zero-day vulnerability is causing BIND 9 DNS servers to crash.

According to web consultant Mark Stockley, the flaw appears to be a denial-of-service vulnerability that is being exploited in the wild and affects all supported versions of BIND.

According to the Internet Systems Consortium (ISC), the problem is an unidentified network event "that has caused BIND 9 resolvers to cache an invalid record, subsequent queries for which could crash the resolvers with an assertion failure".

It also claimed that "affected servers crashed after logging an error in query.c with the following message: 'INSIST(! dns_rdataset_isassociated(sigrdataset))'."
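A defender-side check for the assertion failure quoted above, added here as an example and not code from the article or from ISC: it scans BIND `named` syslog lines for the `query.c` INSIST message and reports which resolvers hit it. The log lines, hostnames, pids and the `query.c` line number are constructed placeholders.

```python
import re
from collections import Counter

# Constructed sample of syslog-style BIND 9 "named" output (not a real capture).
# The query.c line number is a placeholder, not the one from any real BIND build.
SAMPLE_LOG = """\
Nov 16 10:02:11 ns1 named[1234]: query.c:1000: INSIST(! dns_rdataset_isassociated(sigrdataset)) failed
Nov 16 10:02:11 ns1 named[1234]: exiting (due to assertion failure)
Nov 16 10:05:40 ns1 named[1301]: starting BIND 9.8.1
Nov 16 10:09:03 ns2 named[2210]: query.c:1000: INSIST(! dns_rdataset_isassociated(sigrdataset)) failed
Nov 16 10:09:03 ns2 named[2210]: exiting (due to assertion failure)
Nov 16 10:15:00 ns1 named[1301]: client 192.0.2.10#53511: query: www.example.com IN A +
"""

# The exact assertion text reported by ISC for this crash.
ASSERTION = "INSIST(! dns_rdataset_isassociated(sigrdataset))"

# syslog prefix: timestamp, host, "named[pid]: ", then the message body.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"named\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)


def find_assertion_crashes(log_text):
    """Return (timestamp, host, pid) for every line carrying the query.c assertion."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a named log line in the expected format
        msg = m.group("msg")
        # Match on the source file and the assertion text, not on the line number,
        # which varies between BIND versions.
        if msg.startswith("query.c:") and ASSERTION in msg:
            hits.append((m.group("ts"), m.group("host"), int(m.group("pid"))))
    return hits


def crashes_per_host(log_text):
    """Count assertion crashes per resolver host, to spot which servers need the patch first."""
    return Counter(host for _, host, _ in find_assertion_crashes(log_text))


if __name__ == "__main__":
    for ts, host, pid in find_assertion_crashes(SAMPLE_LOG):
        print(f"{ts} {host} named[{pid}] hit the query.c assertion")
    print(dict(crashes_per_host(SAMPLE_LOG)))
```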

Stockley said: “The cause of the crash is still under investigation but the ISC has reacted swiftly with a set of patches that will prevent servers from crashing. There is no known workaround for the problem and BIND users are encouraged to upgrade.”

The issue was rated by the ISC as 'serious' and was described as 'remotely' exploitable.

Matt Barrett, senior solutions architect at Rapid7, said: “BIND 9 is the most widely used DNS server on the internet today. The first attack was discovered at The National Weather Service; the following 89 discoveries of this attack were on US universities. Gone unchecked, this attack could potentially affect nearly the entire internet.

“A temporary patch has already been released, but we encourage everyone to submit packet-capture from their own systems to ISC so they can further investigate. As with any attack, the more information gathered, the better we'll be.”
