Security News > 2021 > April > BIND Vulnerabilities Expose DNS Servers to Remote Attacks
The Internet Systems Consortium has released updates for the BIND DNS software to patch several vulnerabilities that can be exploited for denial-of-service attacks and one possibly even for remote code execution.
Only servers using a certain feature with non-default configurations are vulnerable to attacks, but ISC suggested these types of servers may not be uncommon.
Finally, the latest BIND updates patch a medium-severity issue that can be exploited for DoS attacks.
The vulnerability can only be exploited remotely against servers that accept zone transfers from a potential attacker.
ISC said it was not aware of any attacks exploiting these vulnerabilities.
While there haven't been any reports of BIND vulnerabilities being exploited in malicious attacks in the past years, flaws in the popular DNS software have been known to cause problems.
News URL
Related news
- Israel’s Pager Attacks and Supply Chain Vulnerabilities (source)
- CUPS vulnerabilities could be abused for DDoS attacks (source)
- New scanner finds Linux, UNIX servers exposed to CUPS RCE attacks (source)
- Cybercriminals Exploiting Docker API Servers for SRBMiner Crypto Mining Attacks (source)
- Exploit released for new Windows Server "WinReg" NTLM Relay attack (source)
- OvrC Platform Vulnerabilities Expose IoT Devices to Remote Attacks and Code Execution (source)
- Cybercriminals hijack DNS to build stealth attack networks (source)