Results 1 to 7 of 7
-
08-22-2009, 07:53 AM #1Junior Guru Wannabe
- Join Date
- Jan 2008
- Location
- India
- Posts
- 89
Is your server safe? BIND Dynamic update DoS
Friends,
We were having an issue related to DNS on a server which turned out to be the issue with BIND.
=============================
https://www.isc.org/node/474
=============================
Versions affected: BIND 9 (all versions)
Severity: High
Summary: BIND denial of service (server crash) caused by receipt of a specific remote dynamic update message.
=============================
Urgent: this exploit is public. Please upgrade immediately.
=============================
How to find which version you are using?
named -v
If it says anything except: 9.4.3-P3, 9.5.1-P3 or 9.6.1-P1 you need to upgrade! We have RHEL and CentOS based cPanel servers, most of them have 9.3.4
I found that cPanel is not concerned with this issue as they do not distribute BIND -- http://forums.cpanel.net/f6/bind-vul...ty-126161.html
I have fixed some of the servers using the instruction on a blog installing BIND. I would like to know what steps you guys are taking and the best way to upgrade all the servers.
Possible with RPM yet for RHEL5 and CentOS5?█ Vijay | sales@indianets.com
█ indianets.com - Serving successfully since 2007
█ Cheapest Multiple C-Class IP Hosting by indianets.com
█ Reliable servers | Top Notch Support | Stable
-
08-22-2009, 08:44 AM #2Disabled
- Join Date
- Aug 2009
- Location
- London, UK
- Posts
- 1
I know DNS, but do not know BIND
-
08-22-2009, 08:50 AM #3Web Hosting Master
- Join Date
- Sep 2007
- Posts
- 815
I am actually interested in the same thing, what is the safest but easiest way to update Bind in centos servers?
All things work together for the good of those who love God - Romans 8:28
-
08-22-2009, 10:19 AM #4Junior Guru Wannabe
- Join Date
- Jan 2008
- Location
- India
- Posts
- 89
DNS is the theory/concept, BIND is the practical implementation of that. Know more at - https://www.isc.org/software/bind
Anyone secured BIND on RHEL 5 or CentOS 5 ?█ Vijay | sales@indianets.com
█ indianets.com - Serving successfully since 2007
█ Cheapest Multiple C-Class IP Hosting by indianets.com
█ Reliable servers | Top Notch Support | Stable
-
08-22-2009, 10:21 AM #5Randy
- Join Date
- Aug 2006
- Location
- Ashburn VA, San Diego CA
- Posts
- 4,615
yum update bind*
That will take care of it. CentOS/Redhat team already patched this vulnerability.
Cpanel has no control over this package.Fast Serv Networks, LLC | AS29889 | DDOS Protected | Managed Cloud, Streaming, Dedicated Servers, Colo by-the-U
Since 2003 - Ashburn VA + San Diego CA Datacenters
-
08-22-2009, 10:27 AM #6Web Hosting Master
- Join Date
- Sep 2007
- Posts
- 815
Can someone tell me that they have updated their centos machines running in cpanel using yum update bind* ?
I read from cpanel forums that it creates mess. Not sure how true this is.All things work together for the good of those who love God - Romans 8:28
-
08-22-2009, 11:00 AM #7Randy
- Join Date
- Aug 2006
- Location
- Ashburn VA, San Diego CA
- Posts
- 4,615
EDIT:
It's safe. As you can see here our servers have already updated bind, automatically according to /var/log/yum.log:
Jul 30 21:18:17 Updated: 30:bind-libs-9.3.4-10.P1.el5_3.3.x86_64
Jul 30 21:18:17 Updated: 30:bind-libs-9.3.4-10.P1.el5_3.3.i386
Jul 30 21:18:19 Updated: 30:bind-9.3.4-10.P1.el5_3.3.x86_64
Jul 30 21:18:21 Updated: 30:bind-devel-9.3.4-10.P1.el5_3.3.x86_64
Jul 30 21:18:22 Updated: 30:bind-utils-9.3.4-10.P1.el5_3.3.x86_64
Jul 30 21:18:23 Updated: 30:bind-devel-9.3.4-10.P1.el5_3.3.i386
Therefore it should be done automatically, but if not running yum update bind* manually would be no less safe.Last edited by FastServ; 08-22-2009 at 11:09 AM.
Fast Serv Networks, LLC | AS29889 | DDOS Protected | Managed Cloud, Streaming, Dedicated Servers, Colo by-the-U
Since 2003 - Ashburn VA + San Diego CA Datacenters
Similar Threads
-
bind update problem
By yazari in forum Hosting Security and TechnologyReplies: 3Last Post: 08-01-2008, 09:50 PM -
dynamic dns A entry update like no-ip.com
By TurbulentMedia in forum Programming DiscussionReplies: 2Last Post: 11-18-2005, 12:16 AM -
how can I update Bind
By AS4Host in forum Hosting Security and TechnologyReplies: 13Last Post: 06-25-2005, 07:39 AM -
how can I update Bind
By AS4Host in forum Dedicated ServerReplies: 3Last Post: 06-20-2005, 01:35 AM -
BIND pkg update
By skylab in forum Dedicated ServerReplies: 3Last Post: 11-15-2001, 04:21 AM