Delivered-To: freebsd-security@freebsd.org
Message-ID: <07dc01c28aa4$fdb51d50$0d11000a@wscarewm>
From: "Michael Carew"
References: <20021112172820.GV96637@techometer.net>
Subject: Re: ISS Security Advisory: Multiple Remote Vulnerabilities in BIND4 and BIND8 (fwd)]
Date: Wed, 13 Nov 2002 10:41:15 +1100
Sender: owner-freebsd-security@FreeBSD.ORG

One thing that the advisory seems to leave out is limiting recursion, rather
than disabling. In named.conf something similar to the following can be used
to limit some exposure:

    options {
        allow-recursion { 127.0.0.1; 10.0.0.0/8; };
    };

This is generally a good security practice anyway.

Cheers,
Michael

----- Original Message -----
From: "Erick Mechler"
Sent: Wednesday, November 13, 2002 4:28 AM
Subject: [Fwd: ISS Security Advisory: Multiple Remote Vulnerabilities in BIND4 and BIND8 (fwd)]

> The following was just posted to bugtraq.
>
> Cheers - Erick
>
> ----- Forwarded message from Dave Ahmad -----
>
> Date: Tue, 12 Nov 2002 10:05:42 -0700 (MST)
> From: Dave Ahmad
> To: bugtraq@securityfocus.com
> Subject: ISS Security Advisory: Multiple Remote Vulnerabilities in BIND4 and
>  BIND8 (fwd)
>
> David Mirza Ahmad
> Symantec
>
> 0x26005712
> 8D 9A B1 33 82 3D B3 D0 40 EB AB F0 1E 67 C6 1A 26 00 57 12
>
> ---------- Forwarded message ----------
> Message-Id: <200211121653.gACGr7N00575@ra.iss.net>
> To: alert@iss.net
> From: X-Force
> Subject: ISS Security Advisory: Multiple Remote Vulnerabilities in BIND4
>  and BIND8
> Sender: alert-admin@iss.net
> List-Id: ISS security alert advisories
> Date: Tue, 12 Nov 2002 11:53:07 -0500 (EST)
>
> Internet Security Systems Security Brief
> November 12, 2002
>
> Multiple Remote Vulnerabilities in BIND4 and BIND8
>
> Synopsis:
>
> ISS X-Force has discovered several serious vulnerabilities in the Berkeley
> Internet Name Domain Server (BIND). BIND is the most common implementation of
> the DNS (Domain Name Service) protocol, which is used on the vast majority of
> DNS servers on the Internet. DNS is a vital Internet protocol that maintains
> a database of easy-to-remember domain names (host names) and their
> corresponding numerical IP addresses.
>
> Impact:
>
> The vulnerabilities described in this advisory affect nearly all currently
> deployed recursive DNS servers on the Internet. The DNS network is considered
> a critical component of Internet infrastructure. There is no information
> implying that these exploits are known to the computer underground, and there
> are no reports of active attacks. If exploits for these vulnerabilities are
> developed and made public, they may lead to compromise and DoS attacks against
> vulnerable DNS servers. Since the vulnerability is widespread, an Internet
> worm may be developed to propagate by exploiting the flaws in BIND. Widespread
> attacks against the DNS system may lead to general instability and inaccuracy
> of DNS data.
>
> Affected Versions:
>
> BIND SIG Cached RR Overflow Vulnerability
>
>     BIND 8, versions up to and including 8.3.3-REL
>     BIND 4, versions up to and including 4.9.10-REL
>
> BIND OPT DoS
>
>     BIND 8, versions 8.3.0 up to and including 8.3.3-REL
>
> BIND SIG Expiry Time DoS
>
>     BIND 8, versions up to and including 8.3.3-REL
>
> For the complete ISS X-Force Security Advisory, please visit:
> http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469
>
> ______
>
> About Internet Security Systems (ISS) Founded in 1994, Internet Security
> Systems (ISS) (Nasdaq: ISSX) is a pioneer and world leader in software
> and services that protect critical online resources from an
> ever-changing spectrum of threats and misuse. Internet Security Systems is
> headquartered in Atlanta, GA, with additional operations throughout the
> Americas, Asia, Australia, Europe and the Middle East.
>
> Copyright (c) 2002 Internet Security Systems, Inc. All rights reserved
> worldwide.
>
> Permission is hereby granted for the electronic redistribution of this
> document. It is not to be edited or altered in any way without the
> express written consent of the Internet Security Systems X-Force. If you
> wish to reprint the whole or any part of this document in any other
> medium excluding electronic media, please email xforce@iss.net for
> permission.
>
> Disclaimer: The information within this paper may change without notice.
> Use of this information constitutes acceptance for use in an AS IS
> condition. There are NO warranties, implied or otherwise, with regard to
> this information or its use. Any use of this information is at the
> user's risk. In no event shall the author/distributor (Internet Security
> Systems X-Force) be held liable for any damages whatsoever arising out
> of or in connection with the use or spread of this information.
>
> X-Force PGP Key available on MIT's PGP key server and PGP.com's key
> server, as well as at http://www.iss.net/security_center/sensitive.php
>
> Please send suggestions, updates, and comments to: X-Force
> xforce@iss.net of Internet Security Systems, Inc.
>
> ----- End forwarded message -----
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
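
Added example, not part of the original thread or of BIND: a small Python check that classifies a named.conf as having recursion disabled, limited as in Michael's reply at the top of the thread, or open. The sample configurations are constructed, the function names are hypothetical, and a missing allow-recursion statement is assumed to leave recursion open to all clients, as in BIND 8.

```python
import re

# Constructed sample configurations (not taken from the thread).
LIMITED = """
options {
    directory "/etc/namedb";   // constructed path
    /* limit recursion rather than disabling it */
    allow-recursion { 127.0.0.1; 10.0.0.0/8; };
};
"""
UNSET = 'options { directory "/etc/namedb"; };'
ANY = "options { allow-recursion { any; }; };"
OFF = "options { recursion no; };  # authoritative-only server"

OPEN_ENTRIES = {"any", "0.0.0.0/0", "::/0"}

def strip_comments(text):
    """Drop the three comment styles named.conf accepts: /* */, // and #."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def options_body(text):
    """Return the text inside the options { ... } block, '' if there is none."""
    m = re.search(r"\boptions\s*\{", text)
    if not m:
        return ""
    depth = 1
    for i in range(m.end(), len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[m.end():i]
    return text[m.end():]  # unbalanced braces: use what is there

def recursion_exposure(conf):
    """Classify a named.conf as 'disabled', 'limited' or 'open', with the entries."""
    body = options_body(strip_comments(conf))
    if re.search(r"(?<![-\w])recursion\s+no\s*;", body):
        return "disabled", []
    m = re.search(r"\ballow-recursion\s*\{([^}]*)\}", body)
    if not m:
        # Assumption (BIND 8 behaviour): no allow-recursion means any client may recurse.
        return "open", []
    entries = [e.strip() for e in m.group(1).split(";") if e.strip()]
    state = "open" if OPEN_ENTRIES & set(entries) else "limited"
    return state, entries
```

Named ACLs and per-view options are not resolved here; an ACL name inside allow-recursion is reported as "limited" and still needs a manual look at its definition.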