BIND Flaws exploited in DNS server attacks

Pierluigi Paganini August 04, 2015

Recently we reported a new vulnerability affecting Bind, now experts at Sucuri confirmed that the flaw is being exploited in DNS server attacks.

A few days ago we wrote about the BIND software flaws that were discovered, affecting important companies, and last week a patch was released for the denial-of-service flaw (CVE-2015-5477), which was affecting all versions of BIND 9.

The flaw can be exploited by sending a malformed packet to the vulnerable server, which when receives it will crash.

The vulnerability could be exploited by attackers to crash both authoritative and recursive DNS servers.

Researchers were predicting that attackers were going to try to exploit the flaw, and today we can officially confirm it.

“We can confirm that the attacks have begun,”, “DNS is one of the most critical parts of the Internet infrastructure, so having your DNS go down, it also means your email, HTTP and all other services will be unavailable.” wrote David Cid, founder of security company Sucuri.

bind flaw 2

Everyone is advised to patch his DNS servers since there is no workaround, and the only way to really stop the attacks is the installation of the patch.

“All major Linux distributions (Redhat, Centos, Ubuntu, etc) have already provided patches for it and a simple “yum update” on Redhat/Centos or “apt-get update” on Debian-based systems will get you protected. Remember though, for the change to take affect you must restart BIND after the update.”

If you run your own DNS server and want to check if you are being targeted, you need to look for “ANY TKEY” in your DNS logs:

Aug 2 10:32:48 dns named[2717]: client a.b.c.d#42212 (foo.bar): view north_america: query: foo.bar ANY TKEY + (x.y.z.zz)

Here is the tip, so please patch your DNS servers.

Elsio Pinto (@high54security) is at the moment the Lead Mcafee Security Engineer at Swiss Re, but he also as knowledge in the areas of malware research, forensics, ethical hacking. He had previous experiences in major institutions being the European Parliament one of them. He is a security enthusiast and tries his best to pass his knowledge. He also owns his own blog Mcafee Security Engineer at Swiss Re, but he also as knowledge in the areas of malware research, forensics, ethical hacking. He had previous experiences in major institutions being the European Parliament one of them. He is a security enthusiast and tries his best to pass his knowledge. He also owns his own blog http://high54security.blogspot.com/

Edited by Pierluigi Paganini

(Security Affairs – BIND,  hacking)



you might also like

leave a comment