BIND Flaw Opens Door To Hacker Attacks On DNS

Tom Jowitt,

Patch now! BIND flaw is being exploited by hackers and websites can be taken offline, researchers warn

A serious vulnerability in the core architecture of the Internet is being exploited by hackers, a security firm has warned.

A flaw in the BIND open source software that is the most widely used DNS (Domain Name System) server software on the web specifically targets the core Internet system that convert URLs into IP addresses.

DNS Vulnerability

security vulnerability Shutterstock - © Andy Dean PhotographyThe warning came from the Internet Systems Consortium (ISC), and it warned that system administers must patch the vulnerability immediately.

“BIND vulnerability published today is particularly critical. Broadly applicable, easily exploited,” the firm warned in a tweet.

It said the flaw allows hackers to launch denial-of-service attacks on websites, potentially forcing them offline.

“An error in the handling of TKEY queries can be exploited by an attacker for use as a denial-of-service vector, as a constructed packet can use the defect to trigger a REQUIRE assertion failure, causing BIND to exit,” said the ISC.

“A week ago, the Internet Systems Consortium (ISC) team released a patch for a serious denial of service vulnerability (CVE-2015-5477) that allows a remote and unauthenticated attacker to crash the BIND (named) daemon, taking down a DNS server,” explained Daniel Cid, a networking expert at Sucuri, in a blog posting on the flaw.

“This happens because of an error in the way BIND handles TKEY queries, which with a single UDP packet can trigger a required assertion failure, causing the DNS daemon to exit,” wrote CID.

“Because of its severity we’ve been actively monitoring to see when the exploit would be live,” he added. “We can confirm that the attacks have begun. DNS is one of the most critical parts of the Internet infrastructure, so having your DNS go down also means your email, HTTP and all other services will be unavailable.”

Previous Flaw

This is not the first time that BIND has had a problem.

Back in April 2013, a “critical” security flaw was reported in BIND that allowed attackers to crash domain name servers. That flaw affected the version of BIND used on Linux and Unix systems, but didn’t affect the Windows version.

The Domain Name System (DNS) is a vital element of the Internet, but has in the past been attacked in hackers.

In 2012, hackers in Pakistan compromised one of the organisation’s managing domain name servers to redirect users to their own site. That attack disrupted access to major services such as Gmail and eBay.

Are you a security pro? Try our quiz!