Critical Flaw in Bind9 Software Can Kill DNS Servers

A freshly discovered flaw in the Berkeley Internet Name Daemon (BIND) could allow an attacker to bring the DNS server to a grinding halt through the use of regular expressions.

The vulnerability is known as CVE-2013-2266 and affects Linux and Unix versions of BIND 9.7.x, 9.8.0 to 9.8.5b1 and 9.9.0 to 9.9.3b1, but not similar versions running on Windows. When the flaw is successfully exploited, the named process consumes memory until none is left and the system crashes, taking down the other services running on the same server.

“Programs using the libdns library from affected versions of BIND are also potentially vulnerable to exploitation of this bug if they can be forced to accept input which triggers the condition. Tools which are linked against libdns (e.g. dig) should also be rebuilt or upgraded, even if named is not being used,” reads the advisory posted by the Internet Systems Consortium.

BIND9 is the DNS server software maintained by the Internet Systems Consortium (ISC). It deals with domain name resolution – the conversion of domain names such as into machine-readable formats (IP addresses) such as It has a huge market share (over 75% of the world’s DNS servers are running BIND) and chances are that your computer used a BIND DNS server to take you to this page, so successful exploitation of your DNS server would render you unable to access web pages and services you are regularly using.

If you are a DNS server admin running a vulnerable version of BIND, you should update immediately to version 9.9.2-P2, which is available on the ISC site.

About the author


Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.