Security News > 2021 > April > BIND Vulnerabilities Expose DNS Servers to Remote Attacks
The Internet Systems Consortium has released updates for the BIND DNS software to patch several vulnerabilities that can be exploited for denial-of-service attacks and one possibly even for remote code execution.
Only servers using a certain feature with non-default configurations are vulnerable to attacks, but ISC suggested these types of servers may not be uncommon.
Finally, the latest BIND updates patch a medium-severity issue that can be exploited for DoS attacks.
The vulnerability can only be exploited remotely against servers that accept zone transfers from a potential attacker.
ISC said it was not aware of any attacks exploiting these vulnerabilities.
While there haven't been any reports of BIND vulnerabilities being exploited in malicious attacks in the past years, flaws in the popular DNS software have been known to cause problems.
News URL
Related news
- OvrC Platform Vulnerabilities Expose IoT Devices to Remote Attacks and Code Execution (source)
- Cybercriminals hijack DNS to build stealth attack networks (source)
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)
- New NachoVPN attack uses rogue VPN servers to install malicious updates (source)
- VPN vulnerabilities, weak credentials fuel ransomware attacks (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)