Security News > 2021 > April > BIND Vulnerabilities Expose DNS Servers to Remote Attacks
The Internet Systems Consortium has released updates for the BIND DNS software to patch several vulnerabilities that can be exploited for denial-of-service attacks and one possibly even for remote code execution.
Only servers using a certain feature with non-default configurations are vulnerable to attacks, but ISC suggested these types of servers may not be uncommon.
Finally, the latest BIND updates patch a medium-severity issue that can be exploited for DoS attacks.
The vulnerability can only be exploited remotely against servers that accept zone transfers from a potential attacker.
ISC said it was not aware of any attacks exploiting these vulnerabilities.
While there haven't been any reports of BIND vulnerabilities being exploited in malicious attacks in the past years, flaws in the popular DNS software have been known to cause problems.
News URL
Related news
- 17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns (source)
- New HTTP/2 Vulnerability Exposes Web Servers to DoS Attacks (source)
- New HTTP/2 DoS attack can crash web servers with a single connection (source)
- Four Critical Vulnerabilities Expose HPE Aruba Devices to RCE Attacks (source)
- New attack leaks VPN traffic using rogue DHCP servers (source)