Organizations worldwide began reporting that their DNS servers running BIND kept crashing while the nameservers were performing recursive queries. The Internet Systems Consortium (ISC) says that multiple versions were affected by an as-yet unidentified network event. Sophos calls it a “denial of service vulnerability being exploited in-the-wild.”
“An as-yet unidentified network event caused BIND 9 resolvers to cache an invalid record, subsequent queries for which could crash the resolvers with an assertion failure,” states their description of the issue.
“ISC is working on determining the ultimate cause by which a record with this particular inconsistency is cached. At this time we are making available a patch which makes named recover gracefully from the inconsistency, preventing the abnormal exit.”
The patch consists of two components: one prevents the cache from returning inconsistent data, and the other ensures that, if an inconsistent answer is detected anyway, the name daemon (named) does not crash.
“When a client query is handled, the code which processes the response to the client has to ask the cache for the records for the name that is being queried. The first component of the patch prevents the cache from returning the inconsistent data. The second component prevents named from crashing if it detects that it has been given an inconsistent answer of this nature.”
Because there is no known workaround for the issue, customers are advised to upgrade the software immediately.
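As an added defender's check (example code, not part of the original article or of ISC's patch), the script below does the two things an operator would want after reading this advisory: it parses the version string that `named -v` prints and reports whether a 9.8.x install is older than the 9.8.1-P1 release named here, and it scans syslog lines for the assertion-failure exit that the report describes. The log lines are constructed samples modelled on BIND's syslog format, and the comparison covers only the 9.8 branch since that is the only fixed release the article cites.

```python
import re

# Fixed release cited in the article; only the 9.8 branch is checked here (assumption).
PATCHED_VERSION = "9.8.1-P1"

# BIND version strings look like 9.8.1 or 9.8.1-P1 (the -Pn suffix is a patch level).
_VER_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-P(\d+))?")

# Constructed sample log lines modelled on BIND's syslog output (assumption about exact format).
SAMPLE_LOG = [
    "Nov 16 10:01:12 ns1 named[2140]: client 10.0.0.5#4312: query: example.com IN A +",
    "Nov 16 10:01:13 ns1 named[2140]: query.c:4254: INSIST((rdataset->attributes & 0x01) != 0) failed",
    "Nov 16 10:01:13 ns1 named[2140]: exiting (due to assertion failure)",
    "Nov 16 10:01:20 ns1 named[2201]: starting BIND 9.8.1",
]

# Patterns that mark an assertion failure and the resulting abnormal exit of named.
_ASSERT_RE = re.compile(r"\b(INSIST|REQUIRE|ENSURE)\(.*\) failed|exiting \(due to assertion failure\)")


def parse_bind_version(text):
    """Return (major, minor, patch, plevel) from 'named -v' output or a bare version string.

    Missing patch or -P level counts as 0, so 9.8.1 sorts before 9.8.1-P1.
    Returns None when no version-like token is present."""
    m = _VER_RE.search(text)
    if m is None:
        return None
    major, minor, patch, plevel = m.groups()
    return (int(major), int(minor), int(patch or 0), int(plevel or 0))


def needs_upgrade(version_text, minimum=PATCHED_VERSION):
    """True when the running version sorts below the patched release."""
    have = parse_bind_version(version_text)
    if have is None:
        raise ValueError("no BIND version found in: %r" % version_text)
    return have < parse_bind_version(minimum)


def find_assertion_exits(log_lines):
    """Return the log lines that show named asserting and exiting abnormally."""
    return [line for line in log_lines if _ASSERT_RE.search(line)]


if __name__ == "__main__":
    print("upgrade needed for 9.8.1:", needs_upgrade("BIND 9.8.1"))
    for hit in find_assertion_exits(SAMPLE_LOG):
        print("crash indicator:", hit)
```

Run `named -v` on the resolver and pass its output to `needs_upgrade`; a `True` result on a 9.8.x host means it predates the patched release.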
The threat is serious because BIND is one of the most widely used pieces of open-source DNS software; it implements the Domain Name System (DNS) protocols for the internet.
The software distribution consists of three main parts: a DNS server, a DNS resolver library and testing tools. Together these components provide all the software needed “to ask name service questions and to answer such questions.”
BIND 9.8.1-P1 for Linux is available for download here
BIND 9.8.1-P1 for Windows is available for download here