The Internet Systems Consortium has released new versions of the ubiquitous BIND server software that fix a pair of vulnerabilities in existing releases, one of which enables an attacker to stop the software from running on remote DNS servers.
The high-severity vulnerability, present in many versions of BIND, causes the server to exit when it receives a specially formatted packet. The ISC said that although it isn’t aware of any public exploits for the bug, it still recommends that organizations upgrade to one of the newer versions of BIND, which include 9.6-ESV-R4-P3, 9.7.3-P3 or 9.8.0-P4.
BIND is the standard for DNS servers and is far and away the most widely deployed name server package. In its advisory, the ISC, which maintains BIND, said that there is also at least one scenario in which an attacker could exploit this vulnerability using malware.
“A defect in the affected BIND 9 versions allows an attacker to remotely cause the ‘named’ process to exit using a specially crafted packet. This defect affects both recursive and authoritative servers. The code location of the defect makes it impossible to protect BIND using ACLs configured within named.conf or by disabling any features at compile-time or run-time,” the ISC advisory said.
“A remote attacker would need to be able to send a specially crafted packet directly to a server running a vulnerable version of BIND. There is also the potential for an indirect attack via malware that is inadvertently installed and run, where infected machines have direct access to an organization’s nameservers.”
ISC officials said in the advisory that there are no known workarounds for this vulnerability, and that ACLs will not help either because of where the vulnerable code is located.
The new versions of BIND also include a fix for a separate vulnerability that affects BIND servers that have a feature called Response Policy Zones enabled. That vulnerability also is listed as a high-severity bug and can be used by a remote attacker to cause the BIND process to exit. The BIND RPZ crash vulnerability can be mitigated by not putting certain records in the RPZ zone.
“A defect in the affected versions of BIND could cause the ‘named’ process to exit when queried, if the server has recursion enabled and was configured with an RPZ zone containing certain types of records. Specifically, these are any DNAME record and certain kinds of CNAME records,” ISC said.
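An added example, not from the ISC advisory or from BIND itself: a small Python check that applies the RPZ mitigation described above to a zone file, marking every DNAME record for removal and listing CNAME records for manual review, since the advisory excerpt does not say which CNAME forms are affected. The sample zone, the function name audit_rpz_zone and the verdict labels are constructed for illustration.

```python
import re

# Constructed sample RPZ zone for illustration (not from the ISC advisory).
SAMPLE_ZONE = """\
$TTL 300
@   IN SOA localhost. admin.localhost. (
        1 ; serial
        3600 600 86400 300 )
    IN NS  localhost.
bad.example.com        CNAME .            ; policy action
*.bad.example.com  60 IN CNAME walled.garden.example.
sub.example.net        IN DNAME example.org.
note.example.com       TXT "a ; inside quotes DNAME"
                       CNAME *.
"""

CLASSES = {"IN", "CH", "HS"}
TTL_RE = re.compile(r"^(\d+[smhdw]?)+$", re.I)
# Matches a quoted string (group 1) or a ';' comment running to end of line.
STRIP_RE = re.compile(r'("(?:\\.|[^"\\])*")|;.*')

def audit_rpz_zone(text):
    """Return (line, owner, type, verdict) for each DNAME and CNAME record."""
    findings, owner, buf, start, depth = [], None, "", 0, 0
    for no, raw in enumerate(text.splitlines(), 1):
        # Blank out quoted strings and drop comments so rdata cannot confuse us.
        line = STRIP_RE.sub(lambda m: '""' if m.group(1) else "", raw)
        if depth == 0:
            buf, start = "", no
        buf += line + " "
        depth += line.count("(") - line.count(")")
        if depth > 0:          # still inside a ( ... ) multi-line record
            continue
        depth = 0
        tokens = buf.replace("(", " ").replace(")", " ").split()
        if not tokens or tokens[0].startswith("$"):
            continue           # blank line or $TTL/$ORIGIN/$INCLUDE directive
        if not buf[0].isspace():
            owner = tokens.pop(0)   # leading whitespace means "same owner"
        while tokens and (tokens[0].upper() in CLASSES or TTL_RE.match(tokens[0])):
            tokens.pop(0)           # optional TTL and class, in either order
        rtype = tokens[0].upper() if tokens else ""
        if rtype == "DNAME":
            findings.append((start, owner, rtype, "remove"))
        elif rtype == "CNAME":
            findings.append((start, owner, rtype, "review"))
    return findings

if __name__ == "__main__":
    for line_no, owner, rtype, verdict in audit_rpz_zone(SAMPLE_ZONE):
        print(f"line {line_no}: {owner} {rtype} -> {verdict}")
```

The check does not follow $INCLUDE directives, so any included files need to be audited separately.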