If BIND is used on servers for name resolution in the Domain Name System (DNS), admins should update the program package as soon as possible. Attackers could target three vulnerabilities in BIND 9 and BIND Preview Edition and attack systems.
All three vulnerabilities (CVE-2022-3094, CVE-2022-3736, CVE-2022-3924) are at threat level “hoch“. In all cases, remote DoS attacks should be possible. For example, attackers could flood servers with DNS update messages in order to bring servers to their knees.
The developers state that they have not observed any attacks on the vulnerabilities so far. Admins should install one of the secured versions:
- BIND Preview Edition 9.16.37-S1
Leave a Reply