It was about a year ago that security researcher Dan Kaminsky reported his DNS flaw, which affected many vendors and the internet itself. DNS, and BIND 9 in particular, is now at risk from another flaw, for which an exploit is already available.
BIND 9 is a popular open source DNS server, and arguably the most widely deployed DNS server in use today. So even though this is a flaw in one DNS server (as opposed to Kaminsky's flaw, which was in DNS itself), it is highly critical.
According to an advisory from the ISC (Internet Systems Consortium), the lead sponsor behind BIND:
Receipt of a specially-crafted dynamic update message to a zone for which the server is the master
may cause BIND 9 servers to exit. Testing indicates that the attack packet has to be formulated against
a zone for which that machine is a master. Launching the attack against slave zones does not trigger
the assert.
The end result is a denial-of-service attack. ISC has an update out now and is urging users to upgrade. So do yourself a favor and upgrade to the patched versions: 9.4.3-P3, 9.5.1-P3 or 9.6.1-P1.
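
To check a fleet against those three patched releases, here is an added example (not ISC's or the article's code). It assumes version strings of the form "9.5.1" or "9.5.1-P2", optionally prefixed with "BIND ", and a hypothetical inventory of host, version and master flag; anything it cannot parse, or any branch the article does not list, is reported as unknown rather than guessed.

```python
import re

# Patched releases named in the article, keyed by branch (major, minor).
FIXED = {(9, 4): (9, 4, 3, 3), (9, 5): (9, 5, 1, 3), (9, 6): (9, 6, 1, 1)}

# Assumed input shape: "9.5.1" or "9.5.1-P2", optionally prefixed with "BIND ".
VERSION_RE = re.compile(r"^(?:BIND\s+)?(\d+)\.(\d+)\.(\d+)(?:-P(\d+))?$")


def parse_version(text):
    """Return (major, minor, patch, P-level) or None if the string is not understood."""
    m = VERSION_RE.match(text.strip())
    if m is None:
        return None
    return tuple(int(g or 0) for g in m.groups())


def classify(text):
    """'patched', 'needs-upgrade', or 'unknown' (unparsed string or branch not in the article)."""
    version = parse_version(text)
    fixed = FIXED.get(version[:2]) if version else None
    if fixed is None:
        return "unknown"
    return "patched" if version >= fixed else "needs-upgrade"


def triage(inventory):
    """List hosts that need the upgrade, masters first (the advisory's trigger condition)."""
    pending = [h for h in inventory if classify(h["version"]) == "needs-upgrade"]
    return [h["host"] for h in sorted(pending, key=lambda h: not h["master"])]


# Constructed sample inventory; hostnames and versions are made up for illustration.
SAMPLE = [
    {"host": "ns-a.example", "version": "BIND 9.6.1-P1", "master": True},
    {"host": "ns-b.example", "version": "9.5.1-P2", "master": False},
    {"host": "ns-c.example", "version": "9.4.3", "master": True},
    {"host": "ns-d.example", "version": "9.6.1rc1", "master": True},
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(entry["host"], entry["version"], classify(entry["version"]))
    print("upgrade order:", triage(SAMPLE))
```

A distribution package may carry a backported fix under an older version string, so confirm a "needs-upgrade" result against the vendor's own advisory.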