Date: Tue, 12 Nov 2002 09:28:20 -0800 From: Erick Mechler <emechler@techometer.net> To: security@freebsd.org Subject: [Fwd: ISS Security Advisory: Multiple Remote Vulnerabilities in BIND4 and BIND8 (fwd)] Message-ID: <20021112172820.GV96637@techometer.net>
next in thread | raw e-mail | index | archive | help
The following was just posted to bugtraq.
Cheers - Erick
----- Forwarded message from Dave Ahmad <da@securityfocus.com> -----
Date: Tue, 12 Nov 2002 10:05:42 -0700 (MST)
From: Dave Ahmad <da@securityfocus.com>
To: bugtraq@securityfocus.com
Subject: ISS Security Advisory: Multiple Remote Vulnerabilities in BIND4 and
BIND8 (fwd)
David Mirza Ahmad
Symantec
0x26005712
8D 9A B1 33 82 3D B3 D0 40 EB AB F0 1E 67 C6 1A 26 00 57 12
---------- Forwarded message ----------
Return-Path: <alert-admin@iss.net>
Delivered-To: da@securityfocus.com
Received: (qmail 800 invoked from network); 12 Nov 2002 17:04:55 -0000
Received: from atla-mm1.iss.net (209.134.161.13)
by mail.securityfocus.com with SMTP; 12 Nov 2002 17:04:55 -0000
Received: from atla-mm1.iss.net (localhost [127.0.0.1])
by atla-mm1.iss.net (8.12.2/8.12.2) with ESMTP id gACH4tKI001621;
Tue, 12 Nov 2002 12:04:55 -0500 (EST)
Received: from atla-mx1.iss.net (atla-mx1.iss.net [209.134.161.6])
by atla-mm1.iss.net (8.12.2/8.12.2) with ESMTP id gACGwJPN000338
for <alert@atla-mm1.iss.net>; Tue, 12 Nov 2002 11:58:20 -0500 (EST)
Received: from ra.iss.net (ra.iss.net [209.134.170.135])
by atla-mx1.iss.net (8.12.2/8.12.2) with ESMTP id gACGwIgC015983
for <alert@iss.net>; Tue, 12 Nov 2002 11:58:18 -0500 (EST)
Received: (from xforce@localhost)
by ra.iss.net (8.10.2+Sun/8.10.2) id gACGr7N00575;
Tue, 12 Nov 2002 11:53:07 -0500 (EST)
Message-Id: <200211121653.gACGr7N00575@ra.iss.net>
To: alert@iss.net
From: X-Force <xforce@iss.net>
Subject: ISS Security Advisory: Multiple Remote Vulnerabilities in BIND4
and BIND8
Sender: alert-admin@iss.net
Errors-To: alert-admin@iss.net
X-BeenThere: alert@iss.net
X-Mailman-Version: 2.0.8
Precedence: bulk
List-Help: <mailto:alert-request@iss.net?subject=help>
List-Post: <mailto:alert@iss.net>
List-Subscribe: <https://atla-mm1.iss.net/mailman/listinfo/alert>,
<mailto:alert-request@iss.net?subject=subscribe>
List-Id: ISS security alert advisories <alert.iss.net>
List-Unsubscribe: <https://atla-mm1.iss.net/mailman/listinfo/alert>,
<mailto:alert-request@iss.net?subject=unsubscribe>
List-Archive: <https://atla-mm1.iss.net/mailman/private/alert/>;
Date: Tue, 12 Nov 2002 11:53:07 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE-----
Internet Security Systems Security Brief
November 12, 2002
Multiple Remote Vulnerabilities in BIND4 and BIND8
Synopsis:
ISS X-Force has discovered several serious vulnerabilities in the Berkeley
Internet Name Domain Server (BIND). BIND is the most common implementation of
the DNS (Domain Name Service) protocol, which is used on the vast majority of
DNS servers on the Internet. DNS is a vital Internet protocol that maintains
a database of easy-to-remember domain names (host names) and their
corresponding numerical IP addresses.
Impact:
The vulnerabilities described in this advisory affect nearly all currently
deployed recursive DNS servers on the Internet. The DNS network is considered
a critical component of Internet infrastructure. There is no information
implying that these exploits are known to the computer underground, and there
are no reports of active attacks. If exploits for these vulnerabilities are
developed and made public, they may lead to compromise and DoS attacks against
vulnerable DNS servers. Since the vulnerability is widespread, an Internet
worm may be developed to propagate by exploiting the flaws in BIND. Widespread
attacks against the DNS system may lead to general instability and inaccuracy
of DNS data.
Affected Versions:
BIND SIG Cached RR Overflow Vulnerability
BIND 8, versions up to and including 8.3.3-REL
BIND 4, versions up to and including 4.9.10-REL
BIND OPT DoS
BIND 8, versions 8.3.0 up to and including 8.3.3-REL
BIND SIG Expiry Time DoS
BIND 8, versions up to and including 8.3.3-REL
For the complete ISS X-Force Security Advisory, please visit:
http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469
______
About Internet Security Systems (ISS) Founded in 1994, Internet Security
Systems (ISS) (Nasdaq: ISSX) is a pioneer and world leader in software
and services that protect critical online resources from an ever-
changing spectrum of threats and misuse. Internet Security Systems is
headquartered in Atlanta, GA, with additional operations throughout the
Americas, Asia, Australia, Europe and the Middle East.
Copyright (c) 2002 Internet Security Systems, Inc. All rights reserved
worldwide.
Permission is hereby granted for the electronic redistribution of this
document. It is not to be edited or altered in any way without the
express written consent of the Internet Security Systems X-Force. If you
wish to reprint the whole or any part of this document in any other
medium excluding electronic media, please email xforce@iss.net for
permission.
Disclaimer: The information within this paper may change without notice.
Use of this information constitutes acceptance for use in an AS IS
condition. There are NO warranties, implied or otherwise, with regard to
this information or its use. Any use of this information is at the
user's risk. In no event shall the author/distributor (Internet Security
Systems X-Force) be held liable for any damages whatsoever arising out
of or in connection with the use or spread of this information.
X-Force PGP Key available on MIT's PGP key server and PGP.com's key
server, as well as at http://www.iss.net/security_center/sensitive.php
Please send suggestions, updates, and comments to: X-Force
xforce@iss.net of Internet Security Systems, Inc.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBPdExszRfJiV99eG9AQEjKgP/dUFj2Hik6CofyaKqQYWW8LAIgLbZBJKN
MZNpNYefF0aXm2lHhwis6XXxYNHHUvUIczRL6deTvxYavjjUdbkQssad5vS0pp/2
1IzU62NgGCHOOaAYUh3ecaYGPXWYoDZFLEMXFuoV6SC0uOpnOXdG+NSSfUwWXDTI
rNIJ5UlHox0=
=4W9H
-----END PGP SIGNATURE-----
----- End forwarded message -----
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021112172820.GV96637>