[ISN] ISS reports more BIND flaws

From: InfoSec News (isnat_private)
Date: Tue Nov 12 2002 - 22:30:41 PST

Next message: InfoSec News: "[ISN] Oracle in buffer overflow brown alert"

Previous message: InfoSec News: "Re: [ISN] Cordless keyboard woes continue"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://www.nwfusion.com/news/2002/1112bind.html

By Paul Roberts
IDG News Service
11/12/02

New vulnerabilities have been discovered in the common Berkeley
Internet Name Domain (BIND) domain name system (DNS) software that
could allow hackers to carry out denial-of-service attacks against
servers using BIND, according to an advisory issued on Tuesday by
security company Internet Security Systems (ISS).

The ISS advisory details three separate vulnerabilities. All three of
those vulnerabilities make BIND susceptible to denial-of-service
attacks from Internet users or rogue DNS administrators. One of the
three vulnerabilities also involves a buffer overflow condition in the
BIND code that could enable malicious code to be placed and executed
on the machine running the name server software.

The newly discovered vulnerabilities all allow hackers to use what are
referred to as "malformed requests" to attack BIND. Such attacks rely
on passing invalid or improperly formatted information to the BIND
DNS, targeting specific weaknesses in the way the BIND code processes
requests, to cause the DNS server to fail, according to Dan
Ingevaldson, team leader of ISS's X-Force security research group.

While two of the newly discovered vulnerabilities require the attacker
to have access to their own authoritative DNS name server in order to
pass invalid requests to the targeted BIND DNS servers, ISS's
Ingevaldson said that such attacks are not uncommon.

"It's not a difficult requirement," said Ingevaldson of an attacker
hosting their own name server. "We've seen all types of distributed
exploits that require an authoritative name server."

An authoritative name server is registered as the official DNS server
for a particular Internet domain.

The vulnerabilities affect earlier versions of BIND including BIND 4
and the more recent BIND 8 distributions, up to and including 8.3.3,
according to ISS.

ISS contacted the Internet Software Consortium (ISC), which maintains
BIND, in late October regarding the vulnerabilities, according to
Ingevaldson.

BIND 4 is generally not supported by ISC, though the consortium
continues to issue security patches for it. But BIND 8 is still
commonly used, according to Ingevaldson and the ISC's Web site. BIND 9
is not affected by any of the vulnerabilities in ISS's advisory,
according to Ingevaldson.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn'
in the BODY of the mail.

Next message: InfoSec News: "[ISN] Oracle in buffer overflow brown alert"
Previous message: InfoSec News: "Re: [ISN] Cordless keyboard woes continue"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Nov 13 2002 - 01:03:18 PST