It’s been a torrid few months for BIND with various vulnerabilities and fixes published. This demonstrates the need to implement a robust patching schedule and it may make sense to reserve slots in your change control process to enable systems, like DNS servers, to be kept up to date with the latest security fixes. However […]
CVE-2015-7547: glibc getaddrinfo stack-based buffer overflow
An update on recent DNS & DHCP vulnerabilities
There have been several DNS and DHCP vulnerabilities published recently. All the main DDI vendors have now released patches as far as we can tell. Two BIND vulnerabilities in particular are serious enough to justify patching your systems. For Infoblox customers, this means an upgrade to NIOS 7.2.5, this will address the following vulnerabilities: CVE-2015-8704: A […]
CVE-2015-5477: Sorry, you will need to patch if you’re running BIND!
We don’t normally get too involved with discussing or publishing details about bugs and patches for BIND, however due to the severity of CVE-2015-5477, it has prompted a couple of customers to email me directly who I think just wanted a second opinion. Basically, yes, you do have to patch BIND! Unfortunately, the news from […]
Tolly report validates Infoblox Cloud Network Automation savings
Tolly Group, a leading independent IT testing firm, has found that automation of core network services—DNS, DHCP and IP addresses (DDI)—can reduce the deployment time for virtual machines in a VMware private cloud environment by 62 percent. Private clouds are rapidly emerging as the infrastructure platform of choice for many organisations because of the speed […]
Presentations from Vinopolis now available to view
Calleva Networks held an event at Vinopolis, London, on Thursday 13th June 2013 on the topic of “Implementing and securing a resilient network services infrastructure“. Video presentations and slide decks are now available to view at your leisure. Welcome and Introduction, Paul Roberts, Calleva Networks Implementing and securing a resilient network services infrastructure, Kier Prior-Williams, […]
Calleva Networks to attend Networkshop 41
Calleva Networks will be partnering with EfficientIP this year at Networkshop 41 on stand EH23 between 9-11 April 2013. Networkshop is the annual exhibition for the education sector with IT staff from many universities and colleges in attendance. Feel free to come along to the stand to discuss your DNS, DHCP, IP Address Management requirements […]
CVE-2012-5689: BIND 9 with DNS64 enabled can unexpectedly terminate when resolving domains in RPZ
ISC BIND DNS 9.8.x through 9.8.4-P1 and 9.9.x through 9.9.2-P1, in certain configurations involving DNS64 with a Response Policy Zone that lacks an AAAA rewrite rule, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for an AAAA record. Please check the ISC knowledgebase for further information […]