Serious vulnerability found in BIND for Unix-based systems

BIND versions 9.7, 9.8 and 9.9 for the Unix platform, software used by DNS servers, turn out to contain a serious vulnerability. It allows attackers not only to take DNS servers offline but also to access other applications on the server.

According to Threatpost, the vulnerability in BIND 9.7, 9.8 and 9.9 is present in the Unix versions of the DNS software; the Windows version reportedly does not contain the bug. The vulnerability is in a library that is used when BIND is compiled and that handles the processing of regular expressions. An attacker could exploit the vulnerability to trigger an 'out of memory' error on a DNS server, leaving the system vulnerable and offline. It would also be possible to attack other applications on that server. Details about possible exploit code have not been released, but such code would be relatively simple to develop.

Because the BIND software is used on a large number of DNS servers, and is thus an important part of the Internet's infrastructure, a vulnerability in this software is potentially very serious. The Internet Systems Consortium, which manages the BIND software, has issued a security advisory urging system administrators to patch or upgrade BIND as soon as possible.