Yet another vulnerability has been found in BIND, the domain name server (DNS) software distributed by ISC, according to an advisory released by a Brazilian research organization, CAIS.

The security flaw effects all versions except for 9.

The security vulnerability allows attackers to inject phoney data into a DNS server, altering the DNS information that matches domain names to numerical Internet Protocol addresses.

"The attack goal is to anticipate a reply with false information to the target DNS server, making the server to store in its cache a false IP address for a certain domain name," the advisory said.

This means that attackers may be able to hijack the connections of Internet users through DNS "spoofing" tactics and redirect them to a site of their choice.

According to the US based Computer Emergency Response Team (CERT), other vendors are affected, including (but not limited to) Apple Computer, MetaSolv and Microsoft.

DNS attacks have been used by hackers to cause chaos in the past. In October this year the New York Times reported that hackers redirected readers of a Hong Kong newspaper's website to a page dedicated to the Falun Gong, an outlawed Chinese spiritual movement. It is suspected that the users were redirected through a DNS attack.

This is the second vulnerability to be found in BIND this month.

Administrators of BIND domain name servers should upgrade to version 9.

Copyright © 2009 CBS Interactive, a CBS Company. All Rights Reserved.
ZDNET is a registered service mark of CBS Interactive. ZDNET Logo is a service mark of CBS Interactive.