This website is deprecated, and remains online only for historic access to old issues and docs for historic versions of Virtualmin. It has been unmaintained for several years, and should not be relied on for up-to-date information. Please visit www.virtualmin.com instead.

BIND DNS Vulnerability

2 posts / 0 new

Topic locked

Last post

#1 Thu, 12/03/2009 - 11:54

clwheatley

BIND DNS Vulnerability

There's a new BIND exploit that has been found allowing the possibility of the cache to be poisoned remotely, see here http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4022.

We've updated our Slackware servers but as of yet there are no updates for Debian 4.0 which we have virtualmin installed on.

Chris

#2 Thu, 12/03/2009 - 17:28

ronald

While this security vulnerability is rated as "medium" risk, this is because it is not currently a risk for many BIND users. For users who have DNSSEC validation turned on, this bug is a SEVERE risk and upgrading to the newly patched code is imperative.

Topic locked