Date:      Wed, 13 Nov 2002 10:41:15 +1100
From:      "Michael Carew" <MichaelCarew@bytecraftsystems.com>
To:        <freebsd-security@FreeBSD.ORG>
Subject:   Re: ISS Security Advisory: Multiple Remote Vulnerabilities in BIND4 and BIND8 (fwd)]
Message-ID:  <07dc01c28aa4$fdb51d50$0d11000a@wscarewm>
References:  <20021112172820.GV96637@techometer.net>

One thing that the advisory seems to leave out is limiting recursion,
rather than disabling.

In named.conf something similar to the following can be used to limit some
exposure:

options {
           allow-recursion { 127.0.0.1; 10.0.0.0/8; };
};

This is generally a good security practice anyway.

Cheers,

Michael

----- Original Message -----
From: "Erick Mechler" <emechler@techometer.net>
To: <security@freebsd.org>
Sent: Wednesday, November 13, 2002 4:28 AM
Subject: [Fwd: ISS Security Advisory: Multiple Remote Vulnerabilities in
BIND4 and BIND8 (fwd)]


> The following was just posted to bugtraq.
>
> Cheers - Erick
>
> ----- Forwarded message from Dave Ahmad <da@securityfocus.com> -----
>
> Date: Tue, 12 Nov 2002 10:05:42 -0700 (MST)
> From: Dave Ahmad <da@securityfocus.com>
> To: bugtraq@securityfocus.com
> Subject: ISS Security Advisory: Multiple Remote Vulnerabilities in BIND4 and
>  BIND8 (fwd)
>
>
>
> David Mirza Ahmad
> Symantec
>
> 0x26005712
> 8D 9A B1 33 82 3D B3 D0 40 EB  AB F0 1E 67 C6 1A 26 00 57 12
>
> ---------- Forwarded message ----------
> Message-Id: <200211121653.gACGr7N00575@ra.iss.net>
> To: alert@iss.net
> From: X-Force <xforce@iss.net>
> Subject: ISS Security Advisory: Multiple Remote Vulnerabilities in BIND4
>     and BIND8
> Date: Tue, 12 Nov 2002 11:53:07 -0500 (EST)
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> Internet Security Systems Security Brief
> November 12, 2002
>
> Multiple Remote Vulnerabilities in BIND4 and BIND8
>
> Synopsis:
>
> ISS X-Force has discovered several serious vulnerabilities in the Berkeley
> Internet Name Domain Server (BIND). BIND is the most common implementation of
> the DNS (Domain Name Service) protocol, which is used on the vast majority of
> DNS servers on the Internet. DNS is a vital Internet protocol that maintains
> a database of easy-to-remember domain names (host names) and their
> corresponding numerical IP addresses.
>
> Impact:
>
> The vulnerabilities described in this advisory affect nearly all currently
> deployed recursive DNS servers on the Internet. The DNS network is considered
> a critical component of Internet infrastructure. There is no information
> implying that these exploits are known to the computer underground, and there
> are no reports of active attacks. If exploits for these vulnerabilities are
> developed and made public, they may lead to compromise and DoS attacks against
> vulnerable DNS servers. Since the vulnerability is widespread, an Internet
> worm may be developed to propagate by exploiting the flaws in BIND. Widespread
> attacks against the DNS system may lead to general instability and inaccuracy
> of DNS data.
>
> Affected Versions:
>
> BIND SIG Cached RR Overflow Vulnerability
>
> BIND 8, versions up to and including 8.3.3-REL
> BIND 4, versions up to and including 4.9.10-REL
>
> BIND OPT DoS
>
> BIND 8, versions 8.3.0 up to and including 8.3.3-REL
>
> BIND SIG Expiry Time DoS
>
> BIND 8, versions up to and including 8.3.3-REL
>
> For the complete ISS X-Force Security Advisory, please visit:
> http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469
>
> ______
>
> About Internet Security Systems (ISS) Founded in 1994, Internet Security
> Systems (ISS) (Nasdaq: ISSX) is a pioneer and world leader in software
> and services that protect critical online resources from an ever-
> changing spectrum of threats and misuse. Internet Security Systems is
> headquartered in Atlanta, GA, with additional operations throughout the
> Americas, Asia, Australia, Europe and the Middle East.
>
> Copyright (c) 2002 Internet Security Systems, Inc. All rights reserved
> worldwide.
>
> Permission is hereby granted for the electronic redistribution of this
> document. It is not to be edited or altered in any way without the
> express written consent of the Internet Security Systems X-Force. If you
> wish to reprint the whole or any part of this document in any other
> medium excluding electronic media, please email xforce@iss.net for
> permission.
>
> Disclaimer: The information within this paper may change without notice.
> Use of this information constitutes acceptance for use in an AS IS
> condition. There are NO warranties, implied or otherwise, with regard to
> this information or its use. Any use of this information is at the
> user's risk. In no event shall the author/distributor (Internet Security
> Systems X-Force) be held liable for any damages whatsoever arising out
> of or in connection with the use or spread of this information.
>
> X-Force PGP Key available on MIT's PGP key server and PGP.com's key
> server, as well as at http://www.iss.net/security_center/sensitive.php
>
> Please send suggestions, updates, and comments to: X-Force
> xforce@iss.net of Internet Security Systems, Inc.
>
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2
>
> iQCVAwUBPdExszRfJiV99eG9AQEjKgP/dUFj2Hik6CofyaKqQYWW8LAIgLbZBJKN
> MZNpNYefF0aXm2lHhwis6XXxYNHHUvUIczRL6deTvxYavjjUdbkQssad5vS0pp/2
> 1IzU62NgGCHOOaAYUh3ecaYGPXWYoDZFLEMXFuoV6SC0uOpnOXdG+NSSfUwWXDTI
> rNIJ5UlHox0=
> =4W9H
> -----END PGP SIGNATURE-----
>
> ----- End forwarded message -----
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>
> ************************************************************************
> This Email has been scanned for Viruses by MailMarshal
> an automated gateway email virus scanner.
>
> ************************************************************************
>



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
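
Added example (not part of the original thread or of BIND): a small Python audit of named.conf text for the allow-recursion restriction suggested in the reply above. It assumes BIND 8 behaviour, where a missing allow-recursion statement leaves recursion open to every client; the function names and the sample configurations other than the one quoted from the message are constructed for illustration.

```python
import re

# Match-list elements that let any client on the Internet recurse.
OPEN_ELEMENTS = {"any", "0.0.0.0/0", "::/0"}

# The snippet from the message, plus constructed samples for the other cases.
PAGE_EXAMPLE = "options {\n    allow-recursion { 127.0.0.1; 10.0.0.0/8; };\n};"
NO_LIMIT = 'options { directory "/etc/namedb"; };'
ACL_ANY = 'acl "everyone" { any; };\noptions { allow-recursion { everyone; }; }; // lab'
RECURSION_OFF = "options { recursion no; };  # authoritative only"

def strip_comments(text):
    """Remove /* */, // and # comments, the three styles named.conf accepts."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def match_list(body):
    """Split the inside of a { ... } address match list into its elements."""
    return [e.strip() for e in body.split(";") if e.strip()]

def audit_recursion(conf_text):
    """Return (verdict, elements); verdict is 'disabled', 'restricted' or 'open'."""
    conf = strip_comments(conf_text)
    # Collect named ACLs so that allow-recursion { trusted; } can be expanded.
    acls = {name: match_list(body) for name, body in
            re.findall(r'\bacl\s+"?([\w-]+)"?\s*\{([^{}]*)\}', conf)}
    # The lookbehind keeps "allow-recursion" from matching as "recursion".
    if re.search(r"(?<![-\w])recursion\s+no\s*;", conf):
        return "disabled", []
    m = re.search(r"\ballow-recursion\s*\{([^{}]*)\}", conf)
    if m is None:
        return "open", []  # assumption: BIND 8 default, no restriction at all
    elements = []
    for e in match_list(m.group(1)):
        elements.extend(acls.get(e.strip('"'), [e]))
    verdict = "open" if OPEN_ELEMENTS & set(elements) else "restricted"
    return verdict, elements

if __name__ == "__main__":
    for name in ("PAGE_EXAMPLE", "NO_LIMIT", "ACL_ANY", "RECURSION_OFF"):
        print(name, audit_recursion(globals()[name]))
```

Nested match lists and per-view settings are not handled; the check looks only for the first allow-recursion statement in the file.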



