bconry at isc.org
Tue Oct 4 22:44:20 UTC 2016
Please be advised that ISC has recently been made aware that
CVE-2016-2776 is possibly being actively exploited on the open internet.
We are aware of both an article describing the nature of the
vulnerability in detail and working Metasploit code.
We have also received reports of crashes that appear to be the result of
This places any remaining unpatched servers at high risk of service
interruption due to attack.
Where once issues such as this have gone largely unremarked outside of
the DNS community, it appears that -- for the moment at least -- we have
the attention of the larger security community.
We believe that in the long run this increased scrutiny will help us
further increase the security and stability of BIND, but in the near
term it does increase the risk of operating an unpatched server.
More information about the bind-users