December 7, 2016

BIND 9 Updated To Fix Serious Server Crash

(LiveHacking.Com) – The Internet Systems Consortium (ISC) has released an update to BIND 9 to work around a caching bug that is causing servers to crash all over the Internet. Reports from across the Internet show that BIND 9-based nameservers crash when performing recursive queries. There is a suggestion that this zero-day vulnerability is being used by hackers to launch a denial-of-service attack.

ISC has not yet identified how the crash is triggered (malformed packets, malformed requests, etc.). However, it has discovered that once the bug is triggered, the BIND 9 resolver caches an invalid record, and subsequent queries then crash the server.

As a workaround, ISC has released patched versions of BIND 9.4-ESV, 9.6-ESV, 9.7 and 9.8, which make the ‘named’ daemon recover gracefully from the inconsistency and so prevent the crash.

The release notes for the patched versions read:

BIND 9 nameservers performing recursive queries could cache an invalid record and subsequent queries for that record could crash the resolvers with an assertion failure.

The new versions can be downloaded from here and the security advisory can be read here.