Denial-of-service flaw in BIND 9 domain name servers issued with temporary patch

A zero-day vulnerability is causing BIND 9 DNS servers to crash.

According to web consultant Mark Stockley, the flaw seems to be a denial-of-service vulnerability it really is being exploited within the wild and affects all supported versions of BIND.

According to the net Systems Consortium (ISC), the difficulty is an unidentified network event "that has caused BIND 9 resolvers to cache an invalid record, subsequent queries for that may crash the resolvers with an assertion failure".

It also claimed that "affected servers crashed after logging an error in query.c with the next message: 'INSIST(! dns_rdataset_isassociated(sigrdataset))'."

Stockley said: “The reason for the crash continues to be under investigation however the ISC has reacted swiftly with a group of patches that will prevent servers from crashing. There's no known workaround for the issue and BIND users are encouraged to upgrade.”

The issue was rated by the ISC as 'serious' and was described as 'remotely' exploitable.

Matt Barrett, senior solutions architect at Rapid7, said: “BIND 9 is probably the most accepted DNS server on the net today. The primary attack was discovered on the National Weather Service, the subsequent 89 discoveries of this attack were on US universities. Gone unchecked, this attack could potentially affect nearly the total internet.

“A temporary patch has already been released, but we encourage everyone to submit packet-capture from their very own systems to ISC that allows you to further investigate. As with all attack, the additional information gathered, the simpler we'll be.”