Casa > cibernético Notícias > BIND Vulnerability CVE-2016-2776 Could Cause DoS Attacks
CYBER NEWS

BIND vulnerabilidade CVE-2016-2776 poderia causar ataques de negação de serviço

vulnerability-stforumm

Critical vulnerabilities are often leveraged in attack scenarios, varying from denial-of-service to malware infiltration cases. A serious vulnerability was recently patched, the kind that would allow attackers to carry out denial-of-service attacks via the Berkeley Internet Name Domain (LIGAR) exploits. The vulnerability in question is known under CVE-2016-2776, and was discovered during internal testing by the ISC.

relacionado: Routers Linux.PNScan Malware Brute-Forças baseado em Linux

What Is BIND?

LIGAR is open source software that implements the Domain Name System (DNS) protocols for the Internet. It is a reference implementation of those protocols, but it is also production-grade software, suitable for use in high-volume and high-reliability applications. The name BIND stands for “Berkeley Internet Name Domain”, because the software originated in the early 1980s at the University of California at Berkeley.

além do que, além do mais, BIND is also known as the standard for Linux and other Unix-based systems. This means that a flaw can impact a large number of servers and applications. Como já foi dito, the BIND vulnerability could be leveraged in DoS attacks where various organizations can be targeted. The attacks could lead to disabling, shutting down, or disrupting a service, rede, or website.

pesquisadores say that active attacks were reported on October 5, shortly after a proof-of-concept was released on October 1. além do que, além do mais, the flaws affect BIND9 versions including 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3.

More about CVE-2016-2776

The vulnerability can be activated when a DNS server constructs a response to a forged query where the response size crosses the default DNS response size (512). Pelo visto, ISC has already fixed two vulnerable functions (dns_message_renderbegin () and dns_message_rendersection() ) to fix the vulnerability.

As explained by TrendMicro, when a DNS server constructs a response for a DNS Query, it reserves the space in the response buffer (qual é 512 no tamanho, por padrão), it will increment the msg->reserved by the size required for Answer RR. The size also adds up in msg->reserved size, which would be the same if the response buffer has other Resource Records.

Before patching, the server does not take fixed 12-byte DNS headers into consideration, which also adds to the response traffic after rendering the Resource Records from Query through function dns_message_rendersection(). So if the DNS response(r.length) traffic is less than 512 bytes (msg->reserved), the function will return true, but adding the fixed 12-byte header will cause the service to terminate if it exceeds the fixed reserved size of 512 bytes.

The patch allows servers to decrease the DNS header length from the total response length by 12 bytes. Then it compares it to the reserved buffer size to provide correct calculations for response size.

Available updates:

  • LIGAR 9 version 9.9.9-P3
  • LIGAR 9 version 9.10.4-P3
  • LIGAR 9 version 9.11.0rc3
  • LIGAR 9 version 9.9.9-S5
Milena Dimitrova

Milena Dimitrova

Um escritor inspirado e gerente de conteúdo que está com SensorsTechForum desde o início do projeto. Um profissional com 10+ anos de experiência na criação de conteúdo envolvente. Focada na privacidade do usuário e desenvolvimento de malware, ela acredita fortemente em um mundo onde a segurança cibernética desempenha um papel central. Se o senso comum não faz sentido, ela vai estar lá para tomar notas. Essas notas podem mais tarde se transformar em artigos! Siga Milena @Milenyim

mais Posts

Me siga:
Twitter

Deixe um comentário

seu endereço de e-mail não será publicado. Campos obrigatórios são marcados *

limite de tempo está esgotado. Recarregue CAPTCHA.

Compartilhar no Facebook Compartilhar
Carregando...
Compartilhar no Twitter chilrear
Carregando...
Compartilhar no Google Plus Compartilhar
Carregando...
Partilhar no Linkedin Compartilhar
Carregando...
Compartilhar no Digg Compartilhar
Compartilhar no Reddit Compartilhar
Carregando...
Partilhar no StumbleUpon Compartilhar
Carregando...