[MaraDNS list] DNS under exploited attack?

JFC Morfin jefsey at jefsey.com
Wed Nov 16 07:19:12 EST 2011


FYI - in case this would be a new form of DoS.
-----

From: Barry Greene <bgreene at isc.org>
Subject: Update: BIND 9 recursive error being investigated
To: undisclosed-recipients:;

Interm Security Advisory: 
http://www.isc.org/software/bind/advisories/cve-2011-tbd (CVE will be updated)

Organizations across the Internet are reporting crashes interrupting 
service on BIND 9 nameservers performing recursive queries. Affected
servers crash after logging an error in query.c with the following 
message: "INSIST(! dns_rdataset_isassociated(sigrdataset))"

Multiple versions are reported as being affected, including all 
currently supported release versions of ISC BIND 9.

ISC is actively investigating the root cause and working to produce 
patches which avoid the crash. Further information will be made
available soon (see the advisory 
http://www.isc.org/software/bind/advisories/cve-2011-tbd).

It is unknown at this time if this is an exploited attack. This is 
under investigation.

Questions, observations, and data is welcomed. Please send to 
security-officer at isc.org.

----

jfc



More information about the list mailing list