SimplerCloud Pte Ltd


News: Critical Alert: BIND TKEY Vulnerability Affecting Linux Systems Running BIND DNS Server - CVE-2015-5477

Published: 05/08/2015

Reference:
CVE-2015-5477: An error in handling TKEY queries can cause named to exit with a REQUIRE assertion failure
BIND TKEY vulnerability (CVE-2015-5477)
USN-2693-1: Bind vulnerabilities


This advisory is provided as a courtesy.

We would like to bring to your attention a newly discovered security bug affecting BIND, a very popular DNS server used by many Linux systems today. The vulnerability could allow attackers to exploit an error in the handling of TKEY queries to cause BIND to exit, resulting in a denial of service.


BIND is widely used as DNS server software on many Linux systems today. If you are running a hosting control panel such as cPanel or Plesk, there is a high chance that you are running BIND on your server, unless you have specifically disabled the DNS server or use DNS server software other than BIND.


Impact

The vulnerability could allow attackers to exploit an error in the handling of TKEY queries to cause BIND to exit, thus causing denial-of-service.

Affected Software


BIND versions 9.1.0 -> 9.8.x, 9.9.0 -> 9.9.7-P1, 9.10.0 -> 9.10.2-P2

How To Check If Affected

To check whether your Linux system is running BIND, log in to your Linux servelet as root and run the command below:


ps awx | grep named


For example:


===
# ps awx | grep named


 1106 ?        Ssl    0:00 /usr/sbin/named -t /var/named/run-root -c /etc/named.conf -u bind -n 2
27054 pts/0    S+     0:00 grep --color=auto named
===


If you see lines similar to these in the output:


 1106 ?        Ssl    0:00 /usr/sbin/named -t /var/named/run-root -c /etc/named.conf -u bind -n 2

or

 1247 ?        Ssl    0:14 /usr/sbin/named -u named


That means you are running BIND on your system. You may then proceed to check the BIND version by executing this command:


named -v


For example:


===
# named -v
BIND 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.3
===

===
# named -v
BIND 9.8.1-P1
===

If the reported version falls within the affected versions listed above, then BIND is affected.
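
Distribution packages backport the fix without changing the upstream version number: the fixed CentOS 6 package listed below is still 9.8.2, which sits inside the 9.1.0 -> 9.8.x range. The script below is an added example, not part of the original advisory or SimplerCloud's tooling. Assumptions: the function names `upstream_status` and `redhat_status` are hypothetical, the second sample string is constructed in the same format as the first, and `sort -V` is assumed to order these package releases the way RPM does.

```sh
#!/bin/sh
# Added example: classify `named -v` output for CVE-2015-5477.
# Affected ranges and fixed package releases are the ones listed in the advisory.

# Verdict from the upstream version number alone.
upstream_status() {
    v=$(printf '%s\n' "$1" | sed -n 's/^BIND \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    [ -n "$v" ] || { echo "unparsed"; return; }
    maj=${v%%.*}; rest=${v#*.}; min=${rest%%.*}; pat=${rest#*.}
    # Patch level is the -P<n> directly after the version; absent means 0.
    pl=$(printf '%s\n' "$1" | sed -n 's/^BIND [0-9.]*-P\([0-9][0-9]*\).*/\1/p')
    pl=${pl:-0}
    [ "$maj" -eq 9 ] || { echo "not-listed"; return; }
    case "$min" in
        [1-8]) echo "affected" ;;                                # 9.1.0 -> 9.8.x
        9)  if [ "$pat" -lt 7 ] || { [ "$pat" -eq 7 ] && [ "$pl" -le 1 ]; }
            then echo "affected"; else echo "not-listed"; fi ;;  # 9.9.0 -> 9.9.7-P1
        10) if [ "$pat" -lt 2 ] || { [ "$pat" -eq 2 ] && [ "$pl" -le 2 ]; }
            then echo "affected"; else echo "not-listed"; fi ;;  # 9.10.0 -> 9.10.2-P2
        *)  echo "not-listed" ;;
    esac
}

# Red Hat style strings embed the package release after "-RedHat-". Compare it
# with the fixed package from the advisory; sort -V approximates RPM ordering.
redhat_status() {
    pkg=$(printf '%s\n' "$1" | sed -n 's/^BIND .*-RedHat-\(.*\)$/\1/p')
    case "$pkg" in
        *.el7*) fixed="9.9.4-18.el7_1.3" ;;
        *.el6*) fixed="9.8.2-0.37.rc1.el6_7.2" ;;
        *) echo "unknown"; return ;;
    esac
    lowest=$(printf '%s\n%s\n' "$pkg" "$fixed" | sort -V | head -n 1)
    if [ "$lowest" = "$fixed" ]; then echo "patched"; else echo "vulnerable"; fi
}

# Constructed samples: the first is the advisory's example, the second follows
# the same format with the fixed CentOS 6 release.
for s in "BIND 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.3" \
         "BIND 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.2"; do
    echo "$s: upstream=$(upstream_status "$s") package=$(redhat_status "$s")"
done
```

When the two verdicts disagree on a distribution build, the package release comparison is the one to trust.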


How To Fix The Vulnerability

To fix this problem and to ensure that your servelets/servers are not affected by this vulnerability, please proceed to install the latest patches available for your system. This will also upgrade BIND to the latest version which is not affected by the vulnerability.


On CentOS:


yum update


Latest BIND packages that resolve the vulnerability:


CentOS / RHEL 7 (bind) - bind-9.9.4-18.el7_1.3
CentOS / RHEL 6 (bind) - bind-9.8.2-0.37.rc1.el6_7.2


On Ubuntu:


apt-get update
apt-get upgrade


Latest BIND packages that resolve the vulnerability:


Ubuntu 14.04 LTS: bind9 1:9.9.5.dfsg-3ubuntu0.4
Ubuntu 12.04 LTS: bind9 1:9.8.1.dfsg.P1-4ubuntu0.12


More information:


Exploits start against flaw that could hamstring huge swaths of Internet



Request Assistance


If needed, we will perform the patch installation for you at a one-time discounted fee of $25. Please submit your order at Order -> Additional Services -> Vulnerability 5-Fix - LINUX : Bash Bug/Shellshock; GHOST glibc; FREAK attack, BIND TKEY - $25

Alternatively, please first open a support ticket and give us the hostname, IP address and OS template. You can find this information on your servelet's control panel.

For example:

Hostname: your-servelet-hostname
IP Address: 11.22.33.44
OS Template: CentOS 6.6 (64-bit)

Thank you.

SimplerCloud Support Team