The BIND software maintainers support server administrators to disable regular expression support or install patches as soon as possible.
BIND is by far the most widely used DNS (Domain Name System)
server software on the Internet. It is the de facto standard DNS
software for many UNIX-like systems, including Linux, Solaris,
various BSD variants and Mac OS X. A flaw in the widely used BIND DNS
software can be exploited by remote attackers to crash DNS servers
and affect the operation of other programs running on the same
machines.
The vulnerability can be exploited by sending specifically crafted
requests to vulnerable installations of BIND that would cause the DNS
server process -- the name daemon, known as "named" -- to
consume excessive memory resources. This can result in the DNS server
process crashing and the operation of other programs being severely
affected. BIND 10 is not affected by this vulnerability.
No comments:
Post a Comment