A vulnerability in the popular open source BIND9 name server allows attackers to remotely trigger a server crash. According to the error report, a single specially crafted "dynamic update" packet is all that is required to prevent IP addresses from being translated into server addresses. Authorised name-servers use dynamic updates to add, or remove, resource records to, or from, a zone.
This DoS problem presents a particular threat because attackers don't require any authentication to exploit the hole, and because the server doesn't need to be specially configured for processing dynamic updates. However, according to the vendor, Internet Systems Consortium (ISC), the attack is only successful in systems where BIND has been set up as a master for a zone
The link for this article located at H Security is no longer available.
