Slashdot Mirror


Bind 4 and 8 Vulnerabilities

eecue writes "The world's most popular DNS package is once again vulnerable. Even the advisory says it's only a matter of time before worms are written... just like a couple years ago. I guess this is why I run tinydns."

4 of 402 comments

  1. And I guess... by nagora · · Score: 5, Insightful
    ...that's why I run Bind 9 and keep it updated.

    TWW

    --
    "Encyclopedia" is to "Wikipedia" what "Library" is to "Some people at a bus stop"
  2. Passive Worm Potential... PATCH NOW by nweaver · · Score: 5, Insightful

    The potential for a passive worm is actually fairly high, given that the exploit needs to come in response to a DNS query: The worm infects a DNS server, and waits for queries. It responds to those queries from other DNS servers by attempting to infect them.

    The nasty parts: Enough people dual-use their DNS servers (serving as both authoritative master for outside and for their own lookups) that you could get lots of authoritative masters. It also does NOT scan.

    It could be made even stealthier if the exploit, on failure, would still function. On success, it of course functions normally. This might be harder, but, if so, it would be really REALLY hard to detect such a worm.

    It would take a bit of writing to get right, so there is a good window in which to patch your machines. So patch SOON.

    --
    Test your net with Netalyzr
  3. Re:Did ISS tell bind maintainers? by tekBuddha · · Score: 5, Insightful

    It was mentioned on the FreeBSD-Security list this morning that ISS had informed vendors that they were going to go public with this advisory tomorrow and not today. So in answer to your question, Yes, the vendors have apparently been notified.

    This however appears to be yet another situation where ISS has gone ahead and released an advisory before the vendors have actually had a chance to make patches available to the public.

    This is supposed to be a security firm that is trying to assist the public in keeping their boxen secure? If so, I'm really scared of the firms that are out there really trying to do damage.

  4. What if you can't use (fill_in_the_blank)? by why-is-it · · Score: 5, Insightful

    For me, it is not really an option to use a tinydns or any other DNS solution other than BIND. Upgrading to BIND9 is not really an option for me either. I work for a large multinational, and we have a lot of UNIX servers (Sun, IBM, and HP in terms of numbers). I get hardware and software support direct from the manufacturer, and if I install an application, or a version of an application that my vendor does not support, I am on my own. These 24-7 support contracts are important to us in being able to sell our services and maintaining our SLAs and availability targets. Those issues aside, I do not want to have to explain to the PHBs that we cannot get support on a particular problem because the application in question is not supported by Sun, or that IBM only supports version 3.4 and we run version 4.0.

    So, it is all well and good if someone out there has the choice to install some other software, but keep in mind that it is not necessarily an option for everyone...

    --
    *** Where are we going? And what's with this handbasket?