Hi all, Please be advised that ISC has recently been made aware that CVE-2016-2776 is possibly being actively exploited on the open internet.
We are aware of both an article describing the nature of the vulnerability in detail and working Metasploit code. We have also received reports of crashes that appear to be the result of random exploitation. This places any remaining unpatched servers at high risk of service interruption due to attack. Where once issues such as this have gone largely unremarked outside of the DNS community, it appears that -- for the moment at least -- we have the attention of the larger security community. We believe that in the long run this increased scrutiny will help us further increase the security and stability of BIND, but in the near term it does increase the risk of operating an unpatched server. Thanks, Brian Conry ISC Support _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
