A warning has been issued about a vulnerability in BIND, one of the most popular (DNS) server systems on the internet.
The Internet Storm Center (ISC) is warning system administrators about the flaw which can lock up BIND by use of a special query. BIND 9.7.1 or 9.7.2 are vulnerable to the flaw and admins have been urged to upgrade to BIND 9.7.3.
"Depending on your performance requirements, a work-around may be available. ISC was not able to reproduce this defect in 9.7.2 using -n1, which causes named to use only one worker thread, thus avoiding the deadlock," it advised.
"If your server is powerful enough to serve your data with a single processor, this option may be fast to implement until you have time to perform an upgrade."
Earlier versions are not vulnerable. If you run BIND 9.6.x, 9.6-ESV-Rx, or 9.4-ESV-R4, you do not need to upgrade.
ISC said that the flaw had been identified by Neustar and no exploits have been seen in the wild so far. Security researchers Secunia rate the flaw 'moderately critical.'
Kicking Palantir off of AWS is among their demands, too
Rafaela Vasquez was watching The Voice at the time of the crash, new evidence shows
PUBG price slashed on Steam after selling more than 50 million copies - as daily player numbers plunge
Use the same password for every website? It might be time to change them all