BIND DNS Vulnerability

2 posts / 0 new

Topic locked

#1 Thu, 12/03/2009 - 11:54

clwheatley

BIND DNS Vulnerability

There's a new BIND exploit that has been found allowing the possibility of the cache to be poisoned remotely, see here http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4022.

We've updated our Slackware servers but as of yet there are no updates for Debian 4.0 which we have virtualmin installed on.

Chris

#2 Thu, 12/03/2009 - 17:28

ronald

While this security vulnerability is rated as "medium" risk, this is because it is not currently a risk for many BIND users. For users who have DNSSEC validation turned on, this bug is a SEVERE risk and upgrading to the newly patched code is imperative.

Topic locked