Security organizations have issued an alert about a BIND vulnerability which could see companies face denial-of-service attacks. The vulnerability is found in version 9 of the Internet Software Consortium's BIND (Berkeley Internet Name Domain) server. If it's exploited by an . . .

Security organizations have issued an alert about a BIND vulnerability which could see companies face denial-of-service attacks. The vulnerability is found in version 9 of the Internet Software Consortium's BIND (Berkeley Internet Name Domain) server. If it's exploited by an attacker the BIND server would stop responding until rebooted, according to an advisory issued by US-based security advisory CERT.

"Because the normal operation of most services on the Internet depends on the proper operation of DNS servers, other services could be affected if this vulnerability is exploited," the advisory states.

According to CERT, only version 9 prior to 9.2.1, and not versions 4 or 8 of ISC's BIND are affected.

By sending a specific DNS packet, which is designed to trigger an internal consistency check, the attacker is able to cause the shutdown, CERT said. "It is also possible to accidentally trigger this vulnerability using common queries found in routine operation, especially queries originating from SMTP servers."

The link for this article located at is no longer available.