BIND 9 DNS server Vulnerability and Patch Announced

First published: 31^st July 2007

Amit Klein, security researcher and CTO of Trusteer, has released details of a BIND 9 cache poisoning issue. The vulnerability makes pharming attacks feasible against unpatched BIND 9 caching DNS servers. Internet Systems Consortium Inc., the developers of BIND, have released BIND 9.4.1-P1, which fixes the problem.

All sites that utilise BIND are advised to upgrade.

More Information

Internet Systems Consortium, Inc.
BIND Vulnerabilities
BIND 9 DNS Cache Poisoning (Amit Klein)
SANS Internet Storm Center: BIND Updates Available
SANS Internet Storm Center BIND cache poisoning vulnerability details released
US-CERT Vulnerability Note VU#252735 ISC BIND generates cryptographically weak DNS query IDs
US-CERT Vulnerability Note VU#187297 ISC BIND does not correctly set default access controls
Users urged to patch serious hole in BIND 9 DNS server