São Paulo – The Internet Systems Consortium (ICS) released last week a fix for one of the most worrying loopholes have been discovered in BIND, one of the software more used in web hosting and the standard Unix-based systems.
The flaw allows a hacker alone can bring down parts of the internet with a simple command.
And despite a patch to solve the problem have already been made available, the first cases of cyber criminals taking advantage of the “open door” were recorded on Monday (3).
The vulnerability affects a feature called TKEY, classified as expendable by security expert Robert Graham.
Simply put, the BIND system can not handle malformed packets in order of the function.
These packages can be created easily, sent remotely to vulnerable servers as a kind of denial-of-service attack and knock them down.
As explained Daniel Cid, chief technology officer for Sucuri in a post on the security company blog, falling just leaving inaccessible HTTP, e-mail and other services related to DNS, “one of the most critical parts of the Internet infrastructure.”
Therefore, the gap, identified by CVE-2015-5477 code, can be used to take down some parts of the web. – Which led her to be classified as “critical”
The only way to prevent attacks that exploit the vulnerability is applying the patch in versions 9.8.x to 9.1.0, 9.9.0 to 9.9.7-P1 and 9.10.0 to 9.10.2 P2.
The update has already been released in all major Linux distributions, and administrators must manually install it and restart the server to complete the process. The download, incidentally, can be done in the ISC site
Topics:. Hackers , Internet , Software , Technology
No comments:
Post a Comment