[ISN] ISS reports more BIND flaws

From: InfoSec News (isnat_private)
Date: Tue Nov 12 2002 - 22:30:41 PST

    By Paul Roberts
    IDG News Service

    New vulnerabilities have been discovered in the common Berkeley
    Internet Name Domain (BIND) domain name system (DNS) software that
    could allow hackers to carry out denial-of-service attacks against
    servers using BIND, according to an advisory issued on Tuesday by
    security company Internet Security Systems (ISS).

    The ISS advisory details three separate vulnerabilities. All three of
    those vulnerabilities make BIND susceptible to denial-of-service
    attacks from Internet users or rogue DNS administrators. One of the
    three vulnerabilities also involves a buffer overflow condition in the
    BIND code that could enable malicious code to be placed and executed
    on the machine running the name server software.

    The newly discovered vulnerabilities all allow hackers to use what are
    referred to as "malformed requests" to attack BIND. Such attacks rely
    on passing invalid or improperly formatted information to the BIND
    DNS, targeting specific weaknesses in the way the BIND code processes
    requests, to cause the DNS server to fail, according to Dan
    Ingevaldson, team leader of ISS's X-Force security research group.

    While two of the newly discovered vulnerabilities require the attacker
    to have access to their own authoritative DNS name server in order to
    pass invalid requests to the targeted BIND DNS servers, ISS's
    Ingevaldson said that such attacks are not uncommon.

    "It's not a difficult requirement," said Ingevaldson of an attacker
    hosting their own name server. "We've seen all types of distributed
    exploits that require an authoritative name server."

    An authoritative name server is registered as the official DNS server
    for a particular Internet domain.

    The vulnerabilities affect earlier versions of BIND including BIND 4
    and the more recent BIND 8 distributions, up to and including 8.3.3,
    according to ISS.

    ISS contacted the Internet Software Consortium (ISC), which maintains
    BIND, in late October regarding the vulnerabilities, according to

    BIND 4 is generally not supported by ISC, though the consortium
    continues to issue security patches for it. But BIND 8 is still
    commonly used, according to Ingevaldson and the ISC's Web site. BIND 9
    is not affected by any of the vulnerabilities in ISS's advisory,
    according to Ingevaldson.