Home ISC Announces Major BIND 9 Vulnerability

ISC Announces Major BIND 9 Vulnerability

The Internet Systems Consortium (ISC) is reporting a major vulnerability in BIND 9, with an apparent exploit in the wild. According to the announcement, servers running BIND 9 and performing recursive queries should upgrade immediately.

The actual exploit for this vulnerability is not yet reported. ISC says that it will cause a resolver to cache an invalid record, then crash when responding to queries that request that record.

If BIND has crashed due to the flaw, ISC says it should log an error in query.c with the message “INSIST(! dns_rdataset_isassociated(sigrdataset)).”

The ISC does not yet know the actual cause of the vulnerability, but has a patch that deals with the symptom of the exploit. The vulnerability affects multiple versions of BIND, and ISC has produced patches for BIND 9.8.1, 9.7.4, 9.6 and 9.4. Versions 9.2.x and earlier may be unaffected due to an older implementation of DNSSEC.

The announcement from ISC has links to the patches, and many vendors have already produced updates that incorporate the patches. If you’re running affected versions of BIND 9, upgrade immediately.

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.