[iwar] [fc:ISC.BIND.9.DoS.Vulnerability]

• Next message: Fred Cohen: "[iwar] [fc:Dead.Men.Tell.No.Passwords]"
• Previous message: Fred Cohen: "[iwar] [fc:PA..creates.cybercrime.task.force]"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Return-Path: <sentto-279987-4767-1023313240-fc=all.net@returns.groups.yahoo.com>
Delivered-To: fc@all.net
Received: from 204.181.12.215 [204.181.12.215] by localhost with POP3 (fetchmail-5.7.4) for fc@localhost (single-drop); Wed, 05 Jun 2002 14:44:11 -0700 (PDT)
Received: (qmail 5595 invoked by uid 510); 5 Jun 2002 21:41:04 -0000
Received: from n11.grp.scd.yahoo.com (66.218.66.66) by all.net with SMTP; 5 Jun 2002 21:41:04 -0000
X-eGroups-Return: sentto-279987-4767-1023313240-fc=all.net@returns.groups.yahoo.com
Received: from [66.218.67.192] by n11.grp.scd.yahoo.com with NNFMP; 05 Jun 2002 21:40:40 -0000
X-Sender: fc@red.all.net
X-Apparently-To: iwar@onelist.com
Received: (EGP: mail-8_0_3_2); 5 Jun 2002 21:40:40 -0000
Received: (qmail 34264 invoked from network); 5 Jun 2002 21:40:38 -0000
Received: from unknown (66.218.66.218) by m10.grp.scd.yahoo.com with QMQP; 5 Jun 2002 21:40:38 -0000
Received: from unknown (HELO red.all.net) (12.232.72.152) by mta3.grp.scd.yahoo.com with SMTP; 5 Jun 2002 21:40:38 -0000
Received: (from fc@localhost) by red.all.net (8.11.2/8.11.2) id g55LhaJ26828 for iwar@onelist.com; Wed, 5 Jun 2002 14:43:36 -0700
Message-Id: <200206052143.g55LhaJ26828@red.all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Organization: I'm not allowed to say
X-Mailer: don't even ask
X-Mailer: ELM [version 2.5 PL3]
From: Fred Cohen <fc@all.net>
X-Yahoo-Profile: fcallnet
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Delivered-To: mailing list iwar@yahoogroups.com
Precedence: bulk
List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com>
Date: Wed, 5 Jun 2002 14:43:35 -0700 (PDT)
Subject: [iwar] [fc:ISC.BIND.9.DoS.Vulnerability]
Reply-To: iwar@yahoogroups.com
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, hits=-0.4 required=5.0 tests=SUPERLONG_LINE,DIFFERENT_REPLY_TO version=2.20
X-Spam-Level: 

Advisory 02-004

  ISC BIND 9 DoS Vulnerability
  04 June 2002

  The CERT Coordination Center (CERT/CC) has issued an advisory on a new
vulnerability in the Internet Software Consortium's (ISC) Berkeley
Internet Name Domain (BIND).  The vulnerability is in version 9 and
below.  Exploitation of this vulnerability will cause vulnerable BIND
server(s) to abort and shut down.  After this shutdown, the daemon must
be manually restarted.  This shut down could cause a Denial-of-Service
(DOS) effect on other related services that depend on the proper
operation of Domain Name System (DNS).  Due to the ease of exploiting
this vulnerability, the National Infrastructure Protection Center (NIPC)
strongly urges the community to take recommended actions to patch or
upgrade their version of BIND. 

  Description:

  BIND is an implementation of the DNS that is maintained by the ISC. 
The error condition that triggers the shutdown occurs when the rdataset
parameter to the dns_message_findtype function in message.c is not
"NULL" as expected.  The condition causes the code to issue an error
message and system request to shutdown the BIND server.  See CERT/CC for
more detailed information on the vulnerability at: <a
href="http://www.cert.org/advisories">http://www.cert.org/advisories>. 

  Recommended Actions:

  The NIPC strongly urges the community to take recommended actions
toeither apply patches from their vendors or upgrade their version of
BIND9 to version 9.2.1.  For mitigation strategies, as well as
up-to-datevendor information please refer to the BIND page, found here:
<ahref="http://www.isc.org/products/BIND/">http:/www.isc.org/products/BIND/</a>. 
The CERT/CC webpage has provided an appendix to its Advisory that
contains information provided by the vendors (<a
href="http://www.cert.org/advisories/">http://www.cert.org/advisories/>). 

  The NIPC encourages recipients of this alert to report computer
intrusions to their local FBI office (<a
href="http://www.fbi.gov/contact/fo/fo.htm">http://www.fbi.gov/contact/fo/fo.htm>)
or the NIPC, and to otherappropriate authorities.  Recipients may report
incidents online at <a
href="http://www.nipc.gov/incident/cirr.htm">http://www.nipc.gov/incident/cirr.htm>,and
can reach the NIPC Watch and Warning Unit at (202) 323-3205,
1-888-585-9078 ornipc.watch@fbi.gov. 

------------------------ Yahoo! Groups Sponsor ---------------------~-->
Which security solution is right for your Web site? Before you
decide, request your FREE guide, "Securing Your Web Site For Business," to learn the facts. In the guide, find solutions for: * Encrypting online transactions * Securing corporate intranets * Authenticating your Web site Get your FREE guide today at:
http://us.click.yahoo.com/U02TTC/OyKEAA/sXBHAA/kgFolB/TM
---------------------------------------------------------------------~->

------------------
http://all.net/ 

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ 

• Next message: Fred Cohen: "[iwar] [fc:Dead.Men.Tell.No.Passwords]"
• Previous message: Fred Cohen: "[iwar] [fc:PA..creates.cybercrime.task.force]"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.2 : 2003-08-24 02:46:32 PDT