Published on Saturday, 08 July 2017 22:03
Berkeley Internet Name Domain (BIND) is a DNS implementation solution developed by the Internet Software Consortium (ISC) that is widely used in Unix and Linux operating systems. A Domain Name System or Service or Server (DNS) acts like yellow pages for the Internet. It is used to resolve domain names such as google-public-dns-a.google.com into IP addresses like 18.104.22.168 so that they can be directed to the correct sites.
Earlier this week, a security researcher reported two severe vulnerabilities in ISC BIND that can be remotely exploited. Details of the reported vulnerabilities are explained in CVE-2017-3142 and CVE-2017-3143 (see links below). As the associated exploit codes have also been posted online, many unpatched Internet-facing ISC BIND DNS servers are at risk.
An attacker may target an unpatched system by forging a valid Transaction Signature (TSIG) to perform a dynamic update on the DNS server. The attacker may also bypass the TSIG authentication process of DNS Zone Transfer (AFXR) to retrieve information about a DNS zone thus allowing the attacker to perform further targeted attacks on a victim’s system.
Affected DNS Systems
DNS systems using the following BIND versions are affected:
- 9.4.0 to 9.8.8
- 9.9.0 to 9.9.10-P1
- 9.10.0 to 9.10.5-P1
- 9.11.0 to 9.11.1-P1
- 9.9.3-S1 to 9.9.10-S2
- 9.10.5-S1 to 9.10.5-S
System administrators are strongly advised to upgrade the affected BIND versions immediately to the patched release that is the most closely related to your current version.