BIND DNS Vulnerability

There’s a new BIND exploit that has been found allowing the possibility of the cache to be poisoned remotely, see here http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4022.

We’ve updated our Slackware servers but as of yet there are no updates for Debian 4.0 which we have virtualmin installed on.

Chris

While this security vulnerability is rated as “medium” risk, this is because it is not currently a risk for many BIND users. For users who have DNSSEC validation turned on, this bug is a SEVERE risk and upgrading to the newly patched code is imperative.