New on LowEndTalk? Please Register and read our Community Rules.
BIND DNS server critical vulnerability
So far noticed this issue in Kloxo.
named -v
BIND 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.4
https://www.isc.org/software/bind/advisories/cve-2012-5166
http://www.h-online.com/open/news/item/BIND-DNS-server-updates-close-critical-hole-1727232.html
Thanked by 1lbft
Comments
As far as I know cPanel uses BIND as well? So all cPanel servers are vuln?
Versions affected: Pre-9.6, 9.6-ESV->9.6-ESV-R7-P3, 9.7.0->9.7.6-P3, 9.8.0->9.8.3-P3, 9.9.0->9.9.1-P3
cPanel uses
BIND 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.49.8.0->9.8.3-P3 affected
You have a choice in cPanel, bind being one of 3 servers it supports
@miTgiB Speaking of DNS, one of my domains hosted on a vps with you has had 200~ dns lookups each on two different days in the past week. Normally it never goes over 10k a day. Any idea why that would be?
I don't understand the question. 200 v 10k is quite a difference.
Yeah, exactly. I was wondering if you would know anything that would cause that many dns queries? The happened within a one hour window both times. I've got no idea what caused it.
DNS DoS or something?
Pretty common lately to spoof udp against DNS servers
is BIND 9.7.3 affected?
We all servers use bind-9.7
Yikes... so I'm wondering if and how I should update this ... afraid Kloxo doesn't play nicely after I do... hmmmm
RHEL/CentOS has released a patch on this (https://rhn.redhat.com/errata/RHSA-2012-1363.html). On CentOS 5 the patched version appears to be 9.3.6-20.P1.el5_8.5.
@eLohkCalb thnx got confused with the version number :-)