Last week the Internet Systems Consortium released a patch for a serious vulnerability in BIND, one of the most popular Domain Name Servers that’s bundled with Linux.
The incident number CVE-2015-5477 details an exploit that allows a remote, unauthenticated attacker to crash DNS servers using BIND by sending a specially crafted command. There’s no specific way to protect against the attack, other than installing the patch immediately.
The attack is reportedly so trivial that a single hacker could take down large chunks of the internet in a single move. All they would need to do is simultaneously crash enough DNS servers to cause a noticeable outage and serious implications for the internet.
If you’re running a BIND DNS server, it’s important to patch as soon as possible to ensure attackers can’t take down your service.
➤ CVE-2015-5477 [ISC]
Image credit: Shutterstock