Threat Watch

BIND DNS Software Vulnerability Allows for DoS Attacks

On Wednesday, the ISC (Internet Systems Consortium) disclosed a vulnerability in the BIND DNS software that can be exploited for DoS (Denial of Service) attacks. The vulnerability (CVE-2018-5740) can be exploited remotely and only impacts servers on which the feature called deny-answer-aliases is turned on; it is disabled by default. This feature was put in place to help recursive server operators protect users against DNS rebinding attacks. These attacks could allow remote attackers to abuse the targeted victim’s web browser to communicate directly with devices on the local network and exploit any vulnerabilities those devices might contain. Researchers state that “accidental or deliberate triggering of this defect will cause an INSIST assertion failure in named, causing the named process to stop execution and resulting in denial of service to clients.” The vulnerability affects BIND versions 9.7.0 through 9.8.8, 9.9.0 through 9.9.13, 9.10.0 through 9.10.8, 9.11.0 through 9.11.4, 9.12.0 through 9.12.2, and 9.13.0 through 9.13.2. Patched releases are available as versions 9.9.13-P1, 9.10.8-P1, 9.11.4-P1 and 9.12.2-P1. There has been malicious activity associated with this vulnerability; however, potential victims were informed on July 31st. Users are advised to disable the deny-answer-aliases feature if it is enabled.
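As an added example (not ISC's code, nor part of the original article), the following script lets an operator check the two conditions the advisory describes: whether the running BIND version falls inside the affected ranges without a -P1 fix, and whether a named.conf actually enables deny-answer-aliases with a non-empty list. The named.conf fragments and version strings are constructed for demonstration.

```python
import re

# Affected ranges (inclusive) from the advisory, and the base versions that received a -P1 fix.
AFFECTED_RANGES = [((9, 7, 0), (9, 8, 8)), ((9, 9, 0), (9, 9, 13)),
                   ((9, 10, 0), (9, 10, 8)), ((9, 11, 0), (9, 11, 4)),
                   ((9, 12, 0), (9, 12, 2)), ((9, 13, 0), (9, 13, 2))]
FIXED_BASES = {(9, 9, 13), (9, 10, 8), (9, 11, 4), (9, 12, 2)}

def parse_version(text):
    """Extract (major, minor, patch) and an optional -Pn suffix from 'named -v' style output."""
    m = re.search(r'\b(\d+)\.(\d+)\.(\d+)(?:-(P\d+))?', text)
    if not m:
        raise ValueError("no BIND version found in: %r" % text)
    return (int(m.group(1)), int(m.group(2)), int(m.group(3))), m.group(4)

def version_affected(text):
    """True if the version is inside an affected range and is not a -P fix of a fixed base."""
    base, suffix = parse_version(text)
    if suffix and base in FIXED_BASES:
        return False
    return any(lo <= base <= hi for lo, hi in AFFECTED_RANGES)

def strip_comments(conf):
    """Drop /* */, // and # comments so commented-out statements are not counted as enabled."""
    conf = re.sub(r'/\*.*?\*/', '', conf, flags=re.S)
    return re.sub(r'(//|#).*', '', conf)

def deny_answer_aliases_enabled(conf):
    """True if any deny-answer-aliases statement (options or view) carries a non-empty list."""
    for body in re.findall(r'deny-answer-aliases\s*\{([^}]*)\}', strip_comments(conf)):
        if body.strip():
            return True
    return False

def assess(version_text, conf):
    """Combine both checks into one verdict for the operator."""
    if not version_affected(version_text):
        return "not affected: version carries the fix or is outside the affected ranges"
    if deny_answer_aliases_enabled(conf):
        return "EXPOSED: affected version with deny-answer-aliases enabled; disable it or patch"
    return "affected version, but deny-answer-aliases is off (the default); patch when possible"

# Constructed named.conf fragments used for demonstration only.
ENABLED_CONF = 'options {\n  recursion yes;\n  deny-answer-aliases { "example.com"; };\n};\n'
COMMENTED_CONF = 'options {\n  // deny-answer-aliases { "example.com"; };\n};\n'

if __name__ == "__main__":
    print(assess("BIND 9.11.4", ENABLED_CONF))      # EXPOSED
    print(assess("BIND 9.11.4-P1", ENABLED_CONF))   # not affected
```

Feed it the output of `named -v` and the contents of the real named.conf (including any included files) to get a verdict for a specific server.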