ISC Patches Denial-of-service Vulnerability Found In BIND 9
The Internet Systems Consortium (ISC) has released new versions of the BIND DNS (Domain Name System) software that contain a fix for a defect that could be used to remotely crash DNS servers.
ISC is the organization that develops and maintains the BIND DNS (Domain Name System) software, the most widely used DNS server software and the standard DNS software on many Unix-like systems, including Linux, Solaris and Mac OS X.
The bug had been discovered in the most recent releases of BIND 9 and had the potential for deliberate exploitation as a denial-of-service attack. By sending a recursive resolver a query for a record in a specially malformed zone, an attacker can cause BIND 9 to exit with a fatal "RUNTIME_CHECK" error in resolver.
ISC says that no intentional exploitation of the bug has been observed in the wild. The existence of the issue has been disclosed on an open mailing list with enough accompanying detail to reverse engineer an attack and ISC is therefore treating this as a Type II (publicly disclosed) vulnerability.
The vulnerability affects BIND versions 9.6-ESV-R9, 9.8.5, and 9.9.3.
ISC recommends upgrading to the patched release most closely related to your current version of BIND. These can all be downloaded from http://ftp.isc.org/isc/bind9
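A triage sketch for the advice above, added here as an example and not taken from ISC: it sorts version banners into the three affected releases, later -P<n> patch releases of them, and vendor or pre-release builds that need a manual check, and it pulls the fatal RUNTIME_CHECK exit out of named logs. The banner shape (as printed by `named -v`), the host names, the vendor suffix and the log lines are constructed assumptions.

```python
import re

# Affected releases, exactly as listed in the article.
AFFECTED = {"9.6-ESV-R9", "9.8.5", "9.9.3"}

# Assumed banner shape (as printed by `named -v`): "BIND <version><suffix>".
BANNER_RE = re.compile(r"BIND\s+(9\.\d+(?:\.\d+)?(?:-ESV(?:-R\d+)?)?)(\S*)")
PATCH_RE = re.compile(r"-P\d+")  # ISC security patch releases end in -P<n>


def classify(banner):
    """Map a banner to affected / patch-release / review / not-listed / unparsed."""
    m = BANNER_RE.search(banner)
    if not m:
        return "unparsed"
    base, suffix = m.groups()
    if base not in AFFECTED:
        return "not-listed"  # not in the article's list; says nothing more
    if not suffix:
        return "affected"
    if PATCH_RE.fullmatch(suffix):
        # Later patch release of a listed base: confirm against ISC's notes.
        return "patch-release"
    # Vendor rebuild or pre-release: the string alone cannot settle it.
    return "review"


def crash_hits(log_lines):
    """Return log lines showing the fatal RUNTIME_CHECK exit in the resolver."""
    return [l for l in log_lines if "RUNTIME_CHECK" in l and "resolver" in l]


# Constructed inventory and log lines, for illustration only.
INVENTORY = {
    "ns1": "BIND 9.9.3",
    "ns2": "BIND 9.9.3-P1",
    "ns3": "BIND 9.8.5-vendor1.2",
    "ns4": "BIND 9.6-ESV-R9",
    "ns5": "BIND 9.9.30",
}
LOGS = [
    "named[2211]: resolver: fatal error: RUNTIME_CHECK failed",
    "named[2290]: starting BIND",
]

if __name__ == "__main__":
    for host, banner in sorted(INVENTORY.items()):
        print(host, banner, "->", classify(banner))
    for line in crash_hits(LOGS):
        print("crash:", line)
```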