On 28th July Internet Systems Consortium announced a critical vulnerability (CVE-2015-5477) in all BIND DNS server versions from 9.1.0 to 9.9.7-P1 and 9.10.2-P2. It allows a remote attacker to exploit an error in handling TKEY queries to launch a Denial of Service (DoS) attack which will cause the BIND DNS server to crash. If your cPanel/WHM, Odin Plesk or DirectAdmin servers are not patched, you should consider them vulnerable.

How to fix it?

There is no work around to by-pass this vulnerability. The only solution is to apply the patch to fix CVE-2015-5477. All major Linux vendors have already released patches for this.

Fix in RedHat and CentOS servers

Run the below command, assuming you are already current on all your other system software.

# yum update bind

For CentOS, you will need to enable Continuous Release (CR) Repository to get this patch. Here’s how you can install, enable the CR repo, and update BIND.

# yum install centos-release-cr

# yum-config-manager --enable cr

# yum update bind

Once this is done, you can disable the CR repo by:

# yum-config-manager --disable cr

Fix in Debian and Ubuntu servers

Run the command:

# apt-get install bind9

Fix in OpenSUSE servers

Run the command:

# zypper update bind

If your cPanel/WHM, Odin Plesk or DirectAdmin servers are not up-to-date, and you are unable to run a normal package upgrade, you may need to custom compile BIND to the latest version. Click below to get your server fixed now:

FIX MY SERVER

Bobcares helps you keep your servers secure through periodic security hardening and by mitigating zero day vulnerabilities.

SEE HOW BOBCARES KEEP YOUR SERVERS SECURE