A recently disclosed vulnerability in Bind, the most widely used software for translating human-friendly domain names into IP addresses used by servers, makes it possible for lone-wolf attackers to bring down huge swaths of the Internet, a security researcher has warned.
The flaw, which involves the way that Bind handles some queries related to transaction key records, resides in all major versions of the software from 9.1.0 to 9.8.x, 9.9.0 to 9.9.7-P1, and 9.10.0 to 9.10.2-P2. Attackers can exploit it by sending vulnerable servers a malformed packet that's trivial to create. Vulnerable servers, in turn, will promptly crash. There are no indications that the vulnerability is being actively exploited in the wild, and the bug wasn't disclosed until a fix was in place. Still, the critical vulnerability underscores the fragility of Bind, which despite its three decades in use and unwieldy code remains the staple for the Internet's domain name system.
Rob Graham, CEO of penetration testing firm Errata Security, reviewed some of the Bind source code and the advisory that Bind developers issued earlier this week and made this sobering assessment: