On 28th July Internet Systems Consortium announced a critical vulnerability (CVE-2015-5477) in all BIND DNS server versions from 9.1.0 to 9.9.7-P1 and 9.10.2-P2. It allows a remote attacker to exploit an error in handling TKEY queries to launch a Denial of Service (DoS) attack which will cause the BIND DNS server to crash. If your cPanel/WHM, Odin Plesk or DirectAdmin servers are not patched, you should consider them vulnerable.
How to fix it?
There is no work around to by-pass this vulnerability. The only solution is to apply the patch to fix CVE-2015-5477. All major Linux vendors have already released patches for this.
Fix in RedHat and CentOS servers
Run the below command, assuming you are already current on all your other system software.
# yum update bind
For CentOS, you will need to enable Continuous Release (CR) Repository to get this patch. Here’s how you can install, enable the CR repo, and update BIND.
# yum install centos-release-cr
# yum-config-manager --enable cr
# yum update bind
Once this is done, you can disable the CR repo by:
# yum-config-manager --disable cr
Fix in Debian and Ubuntu servers
Run the command:
# apt-get install bind9
Fix in OpenSUSE servers
Run the command:
# zypper update bind
If your cPanel/WHM, Odin Plesk or DirectAdmin servers are not up-to-date, and you are unable to run a normal package upgrade, you may need to custom compile BIND to the latest version. Click below to get your server fixed now:
Bobcares helps you keep your servers secure through periodic security hardening and by mitigating zero day vulnerabilities.
0 Comments