CRIME FW: NIPC Advisory 02-004

From: George Heuston (GeorgeH@private)
Date: Tue Jun 04 2002 - 20:15:49 PDT

  • Next message: Kuo, Jimmy: "CRIME Thursday night's Town Hall at PSU"

     
    
    -----Original Message-----
    From: Nipcwatch
    To: daily
    Sent: 6/4/02 4:33 PM
    Subject: NIPC Advisory 02-004
    
                                                          National
    Infrastructure Protection Center
                                                                 "ISC BIND 9
    DoS Vulnerability"
     
    Advisory 02-004
     
    4 June 2002
    
    
     
    
    The CERT Coordination Center (CERT/CC) has issued an advisory on a new
    vulnerability in the Internet Software Consortium's (ISC) Berkeley
    Internet Name Domain (BIND). The vulnerability is in version 9 and
    below.  Exploitation of this vulnerability will cause vulnerable BIND
    server(s) to abort and shut down. After this shutdown, the daemon must
    be manually restarted.  This shut down could cause a Denial-of-Service
    (DoS) effect on other related services that depend on the proper
    operation of Domain Name System (DNS).  Due to the ease of exploiting
    this vulnerability, the National Infrastructure Protection Center (NIPC)
    strongly urges the community to take recommended actions to patch or
    upgrade their version of BIND.    
    
    Description:
    
    BIND is an implementation of the DNS that is maintained by the ISC.  The
    error condition that triggers the shutdown occurs when the rdataset
    parameter to the dns_message_findtype function in message.c is not
    "NULL" as expected.  The condition causes the code to issue an error
    message and system request to shutdown the BIND server.  See CERT/CC for
    more detailed information on the vulnerability at:
    http://www.cert.org/advisories <http://www.cert.org/advisories> .
    
    Recommended Actions:
    
    The NIPC strongly urges the community to take recommended actions to
    either apply patches from their vendors or upgrade their version of BIND
    9 to version 9.2.1.   For mitigation strategies, as well as up-to-date
    vendor information please refer to the BIND page, found here:
    http://www.isc.org/products/BIND/ <http://www.isc.org/products/BIND/>  .
    The CERT/CC webpage has provided an appendix to its Advisory that
    contains information provided by the vendors (
    http://www.cert.org/advisories/ <http://www.cert.org/advisories/> ).
    
    The NIPC encourages recipients of this alert to report computer
    intrusions to their local FBI office (
    http://www.fbi.gov/contact/fo/fo.htm
    <http://www.fbi.gov/contact/fo/fo.htm> ) or the NIPC, and to other
    appropriate authorities. Recipients may report incidents online at
    http://www.nipc.gov/incident/cirr.htm
    <http://www.nipc.gov/incident/cirr.htm> , and can reach the NIPC Watch
    and Warning Unit at (202) 323-3205, 1-888-585-9078 or nipc.watch@private
    <mailto:nipc.watch@private> .
    



    This archive was generated by hypermail 2b30 : Tue Jun 04 2002 - 21:17:07 PDT