[ISN] CERT warns of another BIND problem

From: InfoSec News (isnat_private)
Date: Thu Jun 06 2002 - 02:28:27 PDT


    http://www.nwfusion.com/news/2002/0605bind.html
    
    By Joris Evers
    IDG News Service, 06/05/02
    
    A flaw in a software tool used to translate text-based Internet domain
    names into numerical addresses could make parts of the Internet
    vulnerable to denial-of-service attacks, the Computer Emergency
    Response Team warned Tuesday.
    
    The flaw is in certain versions of BIND [Berkeley Internet Name
    Domain], a widely-used piece of DNS software, CERT said in an
    advisory.
    
    DNS servers running BIND 9 prior to Version 9.2.1 are vulnerable. An
    attacker could shut down the DNS service on that server by sending a
    specific DNS packet. The service will then remain unavailable until
    restarted, CERT said.
    
    BIND 9.2.1 was released on May 1 by the Internet Software Consortium
    (ISC), which distributes BIND free of charge. It is a so-called
    maintenance release that fixes a number of bugs in 9.2.0 but has no
    new features, according to the ISC Web site.
    
    DNS servers translate text-based domain names into numeric IP
    addresses. When those servers go down, users who type Web addresses -
    such as nba.com and fbi.gov - can't connect to the intended servers.  
    E-mail sent to affected domains will bounce back.
    
    "If you can trigger something that shuts down the name server, then
    that is a serious matter," said Petur Petursson, CEO of Men & Mice, a
    DNS consultancy firm in Reykjavik, Iceland.
    
    "It is normal for a company to run two name servers. If you manage to
    shoot both of them down, the company will disappear from the
    Internet," Petursson said.
    
    BIND 9.2.1 is available for free download from the ISC Web site. BIND
    is also often part of software sold by server software vendors. These
    vendors may offer their own patches, according to CERT, which urges
    users of BIND 9 to either upgrade or apply a patch.
    
    The vulnerability of the DNS is seen as an important Internet security
    concern. The Internet Corporation for Assigned Names and Numbers, the
    organization that oversees the Internet's addressing system, has
    formed a security committee aimed, in part, at examining DNS security
    holes.
    
    
    