[iwar] [fc:Major.net.security.holes.identified:.Bind.bugs.leave.the.net.wide.open.to.attack]

From: Fred Cohen (fc@all.net)
Date: 2001-12-27 21:37:58



Major net security holes identified: Bind bugs leave the net wide open to attack 
By Mark Ward, BBC News Online, 12/27/2001
http://news.bbc.co.uk/hi/english/sci/tech/newsid_1142000/1142572.stm

The internet's single most important software package contains holes
that can be exploited by malicious hackers.

Anyone exploiting these vulnerabilities could take control of net
servers, redirect visitors and steal e-mail messages, web security
experts say.

Net server administrators using the at-risk versions of the Berkeley
Internet Name Domain (Bind) software have been urged to update their
systems swiftly before they are attacked.

The internet's 13 root servers were quietly updated earlier this month
ahead of the general, public alert.

Error message

The security warning about the Berkeley Internet Name Domain server,
used by an estimated 90% of the networks that comprise the internet, was
issued by the US Government-funded Computer Emergency Response Team
(Cert).

Bind is the net equivalent of directory enquiries, and is consulted by a
computer when it converts a domain name, such as bbc.co.uk, into a
numeric address that details where to find that site on the internet.
Typically, hundreds or thousands of computers on an individual network
consult a couple of servers running Bind.

Now, work by PGP Covert Labs has found that versions 4 and 8 of Bind
contain vulnerabilities that could be exploited by malicious hackers and
let them take over a server.

Typically, when a computer on the net gets a message it does not
understand, it responds by generating a routine error message. But PGP
Covert Labs found that the vulnerabilities mean that Bind will execute
commands hidden in carefully-crafted bogus messages.

Malicious hackers exploiting this could take over a net server, redirect
queries to sites they controlled or re-route e-mail messages.

Vulnerability alerts

Shawn Hernan, leader of the Cert team, said Bind was "arguably the
internet's single most important software package" and added: "This is
among the most serious vulnerabilities to affect the internet."

Before they were quietly upgraded earlier this month, the internet's 13
root servers, that hold the master lists of which websites are where,
were vulnerable to this type of attack.

Cert is typically happy to issue warnings via the net but this latest
vulnerability was so serious that it called a press conference and
publicly urged web server administrators to act straight away to close
the loophole. Worried webmasters should upgrade to secure versions of
Bind.

Cert said that swift action was needed as malicious hackers are known to
watch vulnerability alerts - sometimes more closely than many web
administrators.

When Cert issued a warning about a hole in Bind in November 1999, the
number of attempts by malicious hackers to exploit this vulnerability
rose in the following couple of months. It expects exploitation of the
holes to be "widespread" very soon.

------------------
http://all.net/ 
This archive was generated by hypermail 2.1.2 : 2001-12-31 21:00:00 PST