AusCERT jumps the gun on BIND bug release

2011-07-05

Patrick Gray

http://risky.biz/auscert-bind



AusCERT has broken an embargo, accidentally and prematurely broadcasting a security bulletin pertaining to multiple vulnerabilities in the BIND DNS server earlier today.

The accidental disclosure comes as the United States celebrates the evening of July 4, its independence day. The bulletin was supposed to be issued on the morning of July 6, US time. Instead, it was mailed to AusCERT's subscribers a short time ago.

The bugs themselves aren't Earth-shattering: two remote DoS conditions, including a packet-of-death-style attack. But operators of "important" BIND installations will likely be annoyed by the holiday-destroying timing of the release.

"We made a mistake, we weren't supposed to issue them," AusCERT's general manager Graham Ingram told Risky.Biz. "We've apologised to group involved, we didn't quite understand the embargo, we missed it, and we accidentally released it."

[...]

