CRIME FW: NIPC Advisory 02-004

From: George Heuston (GeorgeH@private)
Date: Tue Jun 04 2002 - 20:15:49 PDT

Next message: Kuo, Jimmy: "CRIME Thursday night's Town Hall at PSU"

Previous message: Zot O'Connor: "CRIME Test from me"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-----Original Message-----
From: Nipcwatch
To: daily
Sent: 6/4/02 4:33 PM
Subject: NIPC Advisory 02-004

                                                      National
Infrastructure Protection Center
                                                             "ISC BIND 9
DoS Vulnerability"

Advisory 02-004

4 June 2002

The CERT Coordination Center (CERT/CC) has issued an advisory on a new
vulnerability in the Internet Software Consortium's (ISC) Berkeley
Internet Name Domain (BIND). The vulnerability is in version 9 and
below.  Exploitation of this vulnerability will cause vulnerable BIND
server(s) to abort and shut down. After this shutdown, the daemon must
be manually restarted.  This shut down could cause a Denial-of-Service
(DoS) effect on other related services that depend on the proper
operation of Domain Name System (DNS).  Due to the ease of exploiting
this vulnerability, the National Infrastructure Protection Center (NIPC)
strongly urges the community to take recommended actions to patch or
upgrade their version of BIND.    

Description:

BIND is an implementation of the DNS that is maintained by the ISC.  The
error condition that triggers the shutdown occurs when the rdataset
parameter to the dns_message_findtype function in message.c is not
"NULL" as expected.  The condition causes the code to issue an error
message and system request to shutdown the BIND server.  See CERT/CC for
more detailed information on the vulnerability at:
http://www.cert.org/advisories <http://www.cert.org/advisories> .

Recommended Actions:

The NIPC strongly urges the community to take recommended actions to
either apply patches from their vendors or upgrade their version of BIND
9 to version 9.2.1.   For mitigation strategies, as well as up-to-date
vendor information please refer to the BIND page, found here:
http://www.isc.org/products/BIND/ <http://www.isc.org/products/BIND/>  .
The CERT/CC webpage has provided an appendix to its Advisory that
contains information provided by the vendors (
http://www.cert.org/advisories/ <http://www.cert.org/advisories/> ).

The NIPC encourages recipients of this alert to report computer
intrusions to their local FBI office (
http://www.fbi.gov/contact/fo/fo.htm
<http://www.fbi.gov/contact/fo/fo.htm> ) or the NIPC, and to other
appropriate authorities. Recipients may report incidents online at
http://www.nipc.gov/incident/cirr.htm
<http://www.nipc.gov/incident/cirr.htm> , and can reach the NIPC Watch
and Warning Unit at (202) 323-3205, 1-888-585-9078 or nipc.watch@private
<mailto:nipc.watch@private> .

Next message: Kuo, Jimmy: "CRIME Thursday night's Town Hall at PSU"
Previous message: Zot O'Connor: "CRIME Test from me"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Jun 04 2002 - 21:17:07 PDT