Exploit code is now available for a serious flaw in the BIND DNS server identified last month. The attack code was posted on the Milw0rm site Tuesday. The vulnerability in BIND 9 results from the fact that transaction IDs are predictable and can enable an attacker to fool a DNS server into caching a malicious DNS record for a legitimate Web site. The Internet Software Consortium, which maintains the open-source BIND software, patched the flaw last month.
The vulnerability is considered especially serious because BIND is far and away the most widely deployed DNS server. And, administrators are loathe to update the software frequently because that requires taking vital machines offline for extended periods of time. Similar cache-poisoning flaws have popped up in BIND in the past, but the Internet somehow has managed to survive every time.
