DNS Server BIND Vulnerability CVE-2015-5477
This article discusses the critical vulnerability CVE-2015-5477 in BIND, which can lead to denial of service attacks. Users are urged to update their systems promptly.
On July 28, 2015, the Internet Systems Consortium (ISC) published a patch to fix a serious vulnerability in one of the most popular DNS products, ISC BIND. The vulnerability has been assigned the identifier CVE-2015-5477: an error in handling TKEY queries can cause named to exit with a REQUIRE assertion failure.
The vulnerability allows an attacker to crash BIND by sending a specially crafted packet. In other words, there is a very simple way to conduct a DoS attack against a DNS server, and the filtering or blocking features within BIND itself do not prevent it.
An exploit is already available that can carry out DoS attacks on all active versions of BIND, and there are reports of successful DoS attacks using this vulnerability.
BIND is widely used on numerous servers and is the default DNS server for many versions of Linux, FreeBSD, and other systems. Some server management panels (such as ISPManager) use BIND as standard.
If you are using BIND as your DNS server, update it as soon as possible, since a nameserver crash could lead to your resources becoming unavailable.
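For triage, the following added example (not from the original article or from ISC) scans named logs for TKEY queries and assertion-failure exits and links the two. The log lines are constructed in the style of BIND 9 logs, query logging is assumed to be enabled, and the file, line and condition in the REQUIRE line are placeholders.

```python
import re
from collections import Counter

# Constructed sample lines in the style of BIND 9 query and general logs.
SAMPLE_LOG = [
    "28-Jul-2015 10:14:02.101 queries: info: client 198.51.100.7#40112 (www.example.com): query: www.example.com IN A + (192.0.2.53)",
    "28-Jul-2015 10:14:05.412 queries: info: client 203.0.113.9#51823 (foo.example.com): query: foo.example.com ANY TKEY + (192.0.2.53)",
    "28-Jul-2015 10:14:05.413 general: critical: <file>.c:<line>: REQUIRE(<condition>) failed, back trace",
    "28-Jul-2015 10:14:05.413 general: critical: exiting (due to assertion failure)",
    "28-Jul-2015 10:20:44.900 queries: info: client 203.0.113.9#51990 (foo.example.com): query: foo.example.com ANY TKEY + (192.0.2.53)",
]

# Client address and query type from a query-log line (older and newer layouts).
QUERY_RE = re.compile(r"client (?:@0x[0-9a-f]+ )?(\S+)#\d+ .*?query: \S+ \S+ (\S+)")
# Lines named writes when a REQUIRE assertion fails and the daemon exits.
ASSERT_RE = re.compile(r"REQUIRE\(.*\) failed|exiting \(due to assertion failure\)")

def scan(lines):
    """Return (TKEY query count per client, assertion-failure lines,
    clients whose TKEY query was the last query logged before a failure)."""
    tkey_by_client = Counter()
    failures = []
    suspects = set()
    last_query = None  # (client, qtype) of the most recent query line
    for line in lines:
        m = QUERY_RE.search(line)
        if m:
            last_query = (m.group(1), m.group(2).upper())
            if last_query[1] == "TKEY":
                tkey_by_client[last_query[0]] += 1
            continue
        if ASSERT_RE.search(line):
            failures.append(line)
            if last_query and last_query[1] == "TKEY":
                suspects.add(last_query[0])
    return tkey_by_client, failures, suspects

if __name__ == "__main__":
    tkey, failures, suspects = scan(SAMPLE_LOG)
    for client, count in tkey.most_common():
        print(f"TKEY queries from {client}: {count}")
    print(f"assertion-failure lines: {len(failures)}")
    print(f"clients with a TKEY query right before a failure: {sorted(suspects)}")
```

TKEY queries are legitimate where GSS-TSIG dynamic updates are in use, so a hit is a lead to investigate rather than proof of an attack.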
Additional information about the vulnerability CVE-2015-5477:
- Sucuri: BIND9 – Denial of Service Exploit in the Wild
- National Cyber Awareness System: Vulnerability Summary for CVE-2015-5477
- The Next Web: A huge DNS exploit could take down chunks of the internet
- RedHat: BIND TKEY vulnerability (CVE-2015-5477)
- Debian Security Tracker: CVE-2015-5477
- Ubuntu Security Notice USN-2693-1: Bind vulnerabilities