ICT Security-Sécurité PC et Internet
87.1K views | +0 today
Follow
ICT Security-Sécurité PC et Internet
Education Technology
ICT Security + Privacy + Piracy + Data Protection - Censorship - Des cours et infos gratuites sur la"Sécurité PC et Internet" pour usage non-commercial... (FR, EN+DE)...
Curated by Gust MEES
Your new post is loading...
Your new post is loading...
Scooped by Gust MEES
Scoop.it!

Attackers are downing DNS servers by exploiting BIND bug

Attackers are downing DNS servers by exploiting BIND bug | ICT Security-Sécurité PC et Internet | Scoop.it
From www.net-security.org - August 4, 2015 10:16 AM
As predicted, the critical and easily exploitable flaw that affects all versions of BIND, the most widely used DNS software on the Internet, has started being exploited by attackers.

The CVE-2015-5477 flaw allows them to mount Denial of Service attacks against websites and other services.

"DNS is one of the most critical parts of the Internet infrastructure, so having your DNS go down also means your email, HTTP and all other services will be unavailable," Sucuri Security CTO Daniel Cid explained and advised administrators to patch their DNS servers.


Learn more:


http://www.scoop.it/t/securite-pc-et-internet/?tag=BIND


Gust MEES's insight:

As predicted, the critical and easily exploitable flaw that affects all versions of BIND, the most widely used DNS software on the Internet, has started being exploited by attackers.

The CVE-2015-5477 flaw allows them to mount Denial of Service attacks against websites and other services.

"DNS is one of the most critical parts of the Internet infrastructure, so having your DNS go down also means your email, HTTP and all other services will be unavailable," Sucuri Security CTO Daniel Cid explained and advised administrators to patch their DNS servers.


Learn more:


http://www.scoop.it/t/securite-pc-et-internet/?tag=BIND




more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

DNS-Server BIND, PowerDNS und Unbound droht Endlosschleife | CyberSecurity

DNS-Server BIND, PowerDNS und Unbound droht Endlosschleife | CyberSecurity | ICT Security-Sécurité PC et Internet | Scoop.it
From www.heise.de - December 9, 2014 5:36 PM
Eine Sicherheitslücke in den drei DNS-Servern kann dazu ausgenutzt werden, die Software lahmzulegen. Dazu muss ein Angreifer allerdings die Zonen manipulieren oder einen bösartigen DNS-Resolver einschleusen.
Gust MEES's insight:

Eine Sicherheitslücke in den drei DNS-Servern kann dazu ausgenutzt werden, die Software lahmzulegen. Dazu muss ein Angreifer allerdings die Zonen manipulieren oder einen bösartigen DNS-Resolver einschleusen.


more...
No comment yet.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

Une faille critique dans le serveur DNS Bind pourrait perturber l'Internet - Le Monde Informatique

Une faille critique dans le serveur DNS Bind pourrait perturber l'Internet - Le Monde Informatique | ICT Security-Sécurité PC et Internet | Scoop.it
From www.lemondeinformatique.fr - July 31, 2015 9:50 AM
Une vulnérabilité critique affectant toutes les versions du serveur DNS Bind 9 pourrait perturber le web. L'ISC, qui a proposé un correctif, enjoint les organisations concernées à appliquer au plus vite le patch de sécurité pour éviter à des pirates d'exploiter la faille par des attaques DDoS.
Gust MEES's insight:

Une vulnérabilité critique affectant toutes les versions du serveur DNS Bind 9 pourrait perturber le web. L'ISC, qui a proposé un correctif, enjoint les organisations concernées à appliquer au plus vite le patch de sécurité pour éviter à des pirates d'exploiter la faille par des attaques DDoS.


more...
Pierre-André Fontaine's curator insight, August 2, 2015 8:42 AM

Une vulnérabilité critique affectant toutes les versions du serveur DNS Bind 9 pourrait perturber le web. L'ISC, qui a proposé un correctif, enjoint les organisations concernées à appliquer au plus vite le patch de sécurité pour éviter à des pirates d'exploiter la faille par des attaques DDoS.
Sign up to comment
Scooped by Gust MEES
Scoop.it!

Critical Flaw Threatens Millions of BIND Servers | threatpost

Critical Flaw Threatens Millions of BIND Servers | threatpost | ICT Security-Sécurité PC et Internet | Scoop.it
From threatpost.com - March 29, 2013 2:47 PM

There is a critical vulnerability in several current versions of the BIND nameserver software that could allow an attacker to knock vulnerable DNS servers offline or compromise other applications running on those machines. The bug is present in several versions of the ubiquitous BIND software and the maintainers of the application have released a patch for it ===> that they recommend users install as soon as possible. <===

 

===> The vulnerability is in BIND 9.7, 9.8, and 9.9 for Unix systems, but Windows versions are not affected. <===

 

The problem lies in the way that the software handles certain regular expressions, and an attacker who exploits the vulnerability could not only cause a denial-of-service condition on the server but also could potentially compromise other software on the machine.

 

Gust MEES's insight:

 

The bug is present in several versions of the ubiquitous BIND software and the maintainers of the application have released a patch for it ===> that they recommend users install as soon as possible. <===

 

===> The vulnerability is in BIND 9.7, 9.8, and 9.9 for Unix systems, but Windows versions are not affected. <===

 

The problem lies in the way that the software handles certain regular expressions, and an attacker who exploits the vulnerability could not only cause a denial-of-service condition on the server but also could potentially compromise other software on the machine.

 

Check also:

 

http://www.scoop.it/t/securite-pc-et-internet?tag=Linux-Vulnerabilities

 

more...
No comment yet.
Sign up to comment
About Follow us Resources Terms Mobile Features
Facebook
X
LinkedIn