Urgent patching required: BIND CVE 2016-2776

2016-10-05 - News - Tony Finch

On 28th September we wrote:

Yesterday evening, ISC.org announced a denial-of-service vulnerability in BIND's buffer handling. The crash can be triggered even if the apparent source address is excluded by BIND's ACLs (allow-query).

All servers are vulnerable if they can receive request packets from any source.

If you have not yet patched, you should be aware that this bug is now being actively exploited.