Vulnerability in ISC BIND leads to DoS, patch today!

17 January 2018

The Internet Systems Consortium has released security updates for BIND, the most widely used Domain Name System (DNS) software on the Internet, and a patch for ISC DHCP, its open source software that implements the Dynamic Host Configuration Protocol for connection to an IP network.

BIND update

The BIND update should be implemented as soon as possible: the vulnerability (CVE-2017-3145) can lead to denial-of-service and crash, and instances of that happening have been reported by multiple parties.

“BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash innamed [name daemon],” the ISC explained the problem.

Read full news article on Help Net Security

Date:

17 January 2018

Categorie(s):

NEWS

Tag(s):

Patch, Security Pro, Security Updates, Vulnerability

Offensive Awakening: The 2024 Shift from Defensive to Proactive Security5 May 2024
End-to-end encryption may be the bane of cops, but they can’t close that Pandora’s Box5 May 2024
Week in review: PoCs allow persistence on Palo Alto firewalls, Okta credential stuffing attacks5 May 2024
Navigating the Digital Age: AI’s Crucial Role in Cybersecurity Reinforcement5 May 2024
Dating apps kiss’n’tell all sorts of sensitive personal info4 May 2024