In the on many DNS servers coming to use BIND software gapes a vulnerability, can the online connectivity of the server caps on the attacker. Patches are available now.
Because of a vulnerability (CVE-2015-5477) in the BIND software, all operators of appropriate DNS servers should install the appropriate patches, otherwise the servers by attackers specific queries from the Internet disconnect.
Affected versions 9, 9.1.0, 9.9.7-P1 and P2-9.10.2. The patched versions 9.9.7-P2 and P3-9.10.2 are now available for download. Michael McNally, chief security researcher of the BIND developers the Internet Systems Consortium (ISC) has discovered the gap with his team and comes from early attacks from.
According to the researchers manipulated a DNS query for a DoS attack is sufficient that you want can be relatively easy to construct. In this case, as websites and e-mail services of affected servers were no longer available.
Amazon has already patched its AWS server and Red Hat provides a secure version of Red Hat Enterprise Linux 5 are available. Admins should check their DNS servers in any case, because often the systems are set up and perform without supervision and maintenance their service. (the)
No comments:
Post a Comment