Return-Path: <sentto-279987-4767-1023313240-fc=all.net@returns.groups.yahoo.com> Delivered-To: fc@all.net Received: from 204.181.12.215 [204.181.12.215] by localhost with POP3 (fetchmail-5.7.4) for fc@localhost (single-drop); Wed, 05 Jun 2002 14:44:11 -0700 (PDT) Received: (qmail 5595 invoked by uid 510); 5 Jun 2002 21:41:04 -0000 Received: from n11.grp.scd.yahoo.com (66.218.66.66) by all.net with SMTP; 5 Jun 2002 21:41:04 -0000 X-eGroups-Return: sentto-279987-4767-1023313240-fc=all.net@returns.groups.yahoo.com Received: from [66.218.67.192] by n11.grp.scd.yahoo.com with NNFMP; 05 Jun 2002 21:40:40 -0000 X-Sender: fc@red.all.net X-Apparently-To: iwar@onelist.com Received: (EGP: mail-8_0_3_2); 5 Jun 2002 21:40:40 -0000 Received: (qmail 34264 invoked from network); 5 Jun 2002 21:40:38 -0000 Received: from unknown (66.218.66.218) by m10.grp.scd.yahoo.com with QMQP; 5 Jun 2002 21:40:38 -0000 Received: from unknown (HELO red.all.net) (12.232.72.152) by mta3.grp.scd.yahoo.com with SMTP; 5 Jun 2002 21:40:38 -0000 Received: (from fc@localhost) by red.all.net (8.11.2/8.11.2) id g55LhaJ26828 for iwar@onelist.com; Wed, 5 Jun 2002 14:43:36 -0700 Message-Id: <200206052143.g55LhaJ26828@red.all.net> To: iwar@onelist.com (Information Warfare Mailing List) Organization: I'm not allowed to say X-Mailer: don't even ask X-Mailer: ELM [version 2.5 PL3] From: Fred Cohen <fc@all.net> X-Yahoo-Profile: fcallnet Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Wed, 5 Jun 2002 14:43:35 -0700 (PDT) Subject: [iwar] [fc:ISC.BIND.9.DoS.Vulnerability] Reply-To: iwar@yahoogroups.com Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Spam-Status: No, hits=-0.4 required=5.0 tests=SUPERLONG_LINE,DIFFERENT_REPLY_TO version=2.20 X-Spam-Level: Advisory 02-004 ISC BIND 9 DoS Vulnerability 04 June 2002 The CERT Coordination Center (CERT/CC) has issued an advisory on a new vulnerability in the Internet Software Consortium's (ISC) Berkeley Internet Name Domain (BIND). The vulnerability is in version 9 and below. Exploitation of this vulnerability will cause vulnerable BIND server(s) to abort and shut down. After this shutdown, the daemon must be manually restarted. This shut down could cause a Denial-of-Service (DOS) effect on other related services that depend on the proper operation of Domain Name System (DNS). Due to the ease of exploiting this vulnerability, the National Infrastructure Protection Center (NIPC) strongly urges the community to take recommended actions to patch or upgrade their version of BIND. Description: BIND is an implementation of the DNS that is maintained by the ISC. The error condition that triggers the shutdown occurs when the rdataset parameter to the dns_message_findtype function in message.c is not "NULL" as expected. The condition causes the code to issue an error message and system request to shutdown the BIND server. See CERT/CC for more detailed information on the vulnerability at: <a href="http://www.cert.org/advisories">http://www.cert.org/advisories>. Recommended Actions: The NIPC strongly urges the community to take recommended actions toeither apply patches from their vendors or upgrade their version of BIND9 to version 9.2.1. For mitigation strategies, as well as up-to-datevendor information please refer to the BIND page, found here: <ahref="http://www.isc.org/products/BIND/">http:/www.isc.org/products/BIND/</a>. The CERT/CC webpage has provided an appendix to its Advisory that contains information provided by the vendors (<a href="http://www.cert.org/advisories/">http://www.cert.org/advisories/>). The NIPC encourages recipients of this alert to report computer intrusions to their local FBI office (<a href="http://www.fbi.gov/contact/fo/fo.htm">http://www.fbi.gov/contact/fo/fo.htm>) or the NIPC, and to otherappropriate authorities. Recipients may report incidents online at <a href="http://www.nipc.gov/incident/cirr.htm">http://www.nipc.gov/incident/cirr.htm>,and can reach the NIPC Watch and Warning Unit at (202) 323-3205, 1-888-585-9078 ornipc.watch@fbi.gov. ------------------------ Yahoo! Groups Sponsor ---------------------~--> Which security solution is right for your Web site? Before you decide, request your FREE guide, "Securing Your Web Site For Business," to learn the facts. In the guide, find solutions for: * Encrypting online transactions * Securing corporate intranets * Authenticating your Web site Get your FREE guide today at: http://us.click.yahoo.com/U02TTC/OyKEAA/sXBHAA/kgFolB/TM ---------------------------------------------------------------------~-> ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2003-08-24 02:46:32 PDT