http://www.nwfusion.com/news/2002/1112bind.html

By Paul Roberts
IDG News Service
11/12/02

New vulnerabilities have been discovered in the common Berkeley Internet Name Domain (BIND) domain name system (DNS) software that could allow hackers to carry out denial-of-service attacks against servers using BIND, according to an advisory issued on Tuesday by security company Internet Security Systems (ISS).

The ISS advisory details three separate vulnerabilities. All three of those vulnerabilities make BIND susceptible to denial-of-service attacks from Internet users or rogue DNS administrators. One of the three vulnerabilities also involves a buffer overflow condition in the BIND code that could enable malicious code to be placed and executed on the machine running the name server software.

The newly discovered vulnerabilities all allow hackers to use what are referred to as "malformed requests" to attack BIND. Such attacks rely on passing invalid or improperly formatted information to the BIND DNS, targeting specific weaknesses in the way the BIND code processes requests, to cause the DNS server to fail, according to Dan Ingevaldson, team leader of ISS's X-Force security research group.

While two of the newly discovered vulnerabilities require the attacker to have access to their own authoritative DNS name server in order to pass invalid requests to the targeted BIND DNS servers, ISS's Ingevaldson said that such attacks are not uncommon.

"It's not a difficult requirement," said Ingevaldson of an attacker hosting their own name server. "We've seen all types of distributed exploits that require an authoritative name server."

An authoritative name server is registered as the official DNS server for a particular Internet domain.

The vulnerabilities affect earlier versions of BIND including BIND 4 and the more recent BIND 8 distributions, up to and including 8.3.3, according to ISS.

ISS contacted the Internet Software Consortium (ISC), which maintains BIND, in late October regarding the vulnerabilities, according to Ingevaldson. BIND 4 is generally not supported by ISC, though the consortium continues to issue security patches for it. But BIND 8 is still commonly used, according to Ingevaldson and the ISC's Web site. BIND 9 is not affected by any of the vulnerabilities in ISS's advisory, according to Ingevaldson.