Results for isc

Threat Research

Analysis of ISC BIND DNAME Answer Handling DoS (CVE-2016-8864)

A defect in BIND's handling of a DNAME answer was fixed in a critical update from the Internet Systems Consortium (ISC) several days ago. This defect affects all BIND recursive servers, and can be exploited to remotely take down recursive servers by sending a simple DNAME answer, thereby causing a denial of service (DoS). This potential DoS vulnerability is caused by an assertion failure in Resolver.c or Db.c when caching a DNS response with a DNAME record. In this post we will examine the underlying code and expose the root cause of this...

By Dehui Yin, November 08, 2016

Threat Research

Internet Kill Switch Found?

Last week, the Internet Systems Consortium (ISC) released a critical update to its popular software, BIND. BIND is almost everywhere on the Internet, acting as a DNS name server. DNS is a network service used to translate human-readable domain names to numeric identifiers called IP addresses and vice versa. The update was in response to a recently discovered DoS vulnerability (CVE-2015-5477), which can be exploited to take down the vulnerable BIND server remotely. ISC released an urgent patch for this vulnerability due to its severity. Only...

By Dehui Yin, August 12, 2015