Demonstrating Infoblox’s commitment to provide timely patches to critical Domain Name System (DNS) vulnerabilities, Infoblox Inc. today announced the availability of a patch for the Infoblox NIOS™ operating system addressing the newest BIND vulnerability (CVE-2011-2464) publicized by the Internet Systems Consortium (ISC).
Another DNS vulnerability also announced today by ISC (CVE-2011-2465) does not pose a threat for Infoblox systems.
According to ISC’s announcement, CVE-2011-2464 is a defect in certain BIND 9 versions that can allow an attacker to remotely cause the “named” process in both recursive and authoritative domain name servers to exit using a specially crafted packet. As a result, if CVE-2011-2464 is exploited, adverse effects can include diversion of an organization’s name servers and potential downtime. Enterprises are encouraged to apply the patches immediately. All patches for Infoblox systems are available to Infoblox customers with active maintenance contracts on the Infoblox Support site.
Infoblox Speeds and Simplifies Fortification Against Vulnerabilities
Enterprises using the Infoblox NIOS platform with the company’s unique Grid technology and High Availability technologies, as well as a best practices architecture, can deploy the new patch in a matter of minutes across their entire enterprise with the touch of a button and no interruption in service, enabling “Zero-Day” protection from the recent vulnerability while avoiding downtime.
Conversely, enterprises delivering DNS services with general-purpose servers and operating systems and BIND name servers may require significant administrative resources and costs to apply the patch to individual servers throughout their networks, which can take days or weeks, depending on the diversity of their networks.
Cricket Liu, Infoblox Vice President of Architecture and Technology and author of O’Reilly’s authoritative reference books on DNS and BIND, said: “These vulnerabilities represent a clear call to enterprises to stay on top of their BIND implementations. Fortunately, with Infoblox’s Grid-based solution and the proper architecture, organizations can easily protect themselves and keep business running as usual.”
Key to Easy Patching: Infoblox Grid™ Technology
As the foundation for Infoblox’s industry-leading DNS, Dynamic Host Configuration Protocol (DHCP) and IP address management (IPAM) solutions, the Infoblox Grid™ technology, a real-time network data management system, links Infoblox appliance platforms together so they can be centrally managed and upgraded simultaneously. Unique data management and distribution capabilities of the Grid technology enable network infrastructure resiliency, real-time visibility and management, and automation of many traditionally manual, time-consuming and error-prone tasks associated with these services.
For more information about the Infoblox solution, visit www.infoblox.com. If you are an Infoblox customer with an active maintenance contract, access to the patch is available on the Infoblox Support Site.
Infoblox is an industry leading developer of network infrastructure automation and control solutions. Infoblox’s unique technologies, including the Infoblox Grid™—a real-time, data distribution technology—increase network availability and control, while automating time-consuming manual tasks associated with network infrastructure services like domain name resolution (DNS), IP address management (IPAM), network change and configuration management (NCCM) and network discovery, among others. Infoblox IPv6-ready solutions are used by over 4,750 organizations worldwide, including more than one third of the Fortune 500. The company is headquartered in Santa Clara, Calif., and operates in more than 30 countries.