NEWMARKET, NH – In an effort to address what has been referred to as “severe security vulnerabilities,” the nonprofit Internet Systems Consortium (ISC) has released a series of patches for multiple versions of BIND 9, a popular suite of software utilized for interacting with the Domain Name System (DNS).
The issues with BIND – which stands for Berkeley Internet Name Domain – were uncovered by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), and relate to vulnerabilities that would allow remote attackers to launch denial-of-service (DoS) attacks; this is an attack meant to shut down a machine or network, making it inaccessible to its intended users.
DoS attacks accomplish this goal by flooding the target with traffic, or sending it information that triggers a crash; the end result is to exhaust all available memory on a target server, making it unavailable.
Numerous bugs that would give remote attackers a back door to carry out a DoS attack were addressed in the newly-released patches by the ISC, including CVE-2023-2828, CVE-2023-2829, and CVE-2023-2911. The degree of vulnerability that these bugs afforded to attackers was rated 7.5 out of a 10-point scale of severity, as per the ISC.
The ISC noted that it was unaware of any examples of the BIND vulnerabilities being exploited by a malicious third party, but nonetheless recommended that all users of the software utilize the patches they have released to avoid any issues in the future.
BIND Is currently the most widely-used DNS server software, and is used by a plethora of organizations such as banks, universities, large-scale manufacturers, and even local and federal government agencies, the ISC said. BIND is essential for reliable Internet communication since it aids in translating human-readable domain names into IP addresses and back again, and can be used on most operating systems.
About The Author: John Colascione is Chief Executive Officer of Internet Marketing Services Inc. He specializes in Website Monetization, is a Google AdWords Certified Professional, authored a ‘how to’ book called ”Mastering Your Website‘, and is a key player in several Internet related businesses through his search engine strategy brand Searchen Networks®