
Are your DNS servers secure?

PCQ Bureau

Four vulnerabilities have been found in the Internet Software Consortium's (ISC) Berkeley Internet Name Domain (BIND) server, a widely used implementation of the Domain Name System (DNS) maintained by the ISC. What makes the threat very serious is that most name servers today run BIND. At risk are servers running BIND 4.9.x below 4.9.8, and those running BIND 8.2.x below 8.2.3. Simply speaking, name servers translate Internet domain names into the IP addresses needed to connect to a particular website.


Below is a description of the four vulnerabilities.

  • Buffer overflow in transaction signature handling code of BIND 8: While handling a transaction signature (TSIG), BIND 8 checks for TSIGs that do not have a valid key. If it finds such a signature, it skips normal processing of the request and jumps to the code that sends an error response. The security hole lies in the fact that this error-handling code invalidates assumptions that later function calls make about the size of the request buffer. The code that then adds a new valid signature to the response may overflow the request buffer and overwrite adjacent memory. Combined with other buffer overflow exploitation techniques, this lets an attacker gain unauthorized access to the system and run arbitrary code, or crash the name server remotely.

  • Buffer overflow in nslookupComplain() in BIND 4: The vulnerable buffer in this case is a locally defined character array used to build an error message for logging purposes. An attacker can send a specially formulated DNS query to the server, resulting in either a denial of service or execution of arbitrary code on the server.

  • Input validation error in nslookupComplain() in BIND 4: This vulnerability lets an attacker send a specially formulated DNS query to the server that results in the execution of arbitrary code. The ISC patched this vulnerability in an earlier version of BIND 4, but many third-party vendors have not included the fix in their BIND packages.

  • Queries to BIND servers can disclose environment variables: An information leak in the query processing code of both BIND 4 and BIND 8 can allow a remote attacker to read from the program stack, exposing program or environment variables. The leak is triggered by sending a specially formatted query to the BIND server.

Patch availability: The ISC has released BIND versions 4.9.8 and 8.2.3, which fix these security holes, so users of BIND 4.9.x and 8.2.x should upgrade to these versions respectively. Since BIND 9.x is not affected by these vulnerabilities, you can also upgrade to BIND 9.1. BIND 4 users should preferably upgrade to BIND 8.2.3 or 9.1 for additional features not related to security.

BIND 4.9.8 and 8.2.3 are available at: ftp://ftp.isc.org/isc/bind/src/

BIND 9.1 is available at: ftp://ftp.isc.org/isc/bind9/
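A defender's version check against the affected ranges this article gives (4.9.x below 4.9.8, 8.2.x below 8.2.3, BIND 9.x not affected), added here as an example and not part of the original article. It assumes the version banner comes from a `version.bind` CHAOS TXT query or `named -v`; the sample banners are constructed, and versions outside the ranges the article names are reported as not covered rather than safe.

```python
import re

# Banner shapes seen for BIND 4/8/9, e.g. "8.2.2-P7", "4.9.7", "9.1.0".
# A `dig +short version.bind chaos txt` answer arrives quoted; quotes are stripped.
_VERSION_RE = re.compile(r'^"?(\d+)\.(\d+)\.(\d+)(?:-P(\d+))?[^"]*"?$')


def parse_version(banner):
    """Return (major, minor, patch, patchlevel), or None if the banner is not a plain BIND version."""
    m = _VERSION_RE.match(banner.strip())
    if not m:
        return None
    major, minor, patch, plevel = m.groups()
    return int(major), int(minor), int(patch), int(plevel or 0)


def classify(banner):
    """Map a BIND version banner to the status this article's advisory gives it.

    Affected: 4.9.x below 4.9.8 and 8.2.x below 8.2.3. Fixed in 4.9.8 and 8.2.3.
    BIND 9.x is stated as not affected. Anything else is 'not covered by this
    advisory' rather than 'safe', since the article says nothing about it.
    """
    v = parse_version(banner)
    if v is None:
        return "unparseable"  # operators often hide the version; nothing to decide from the banner
    major, minor, patch, _plevel = v
    if major == 4 and minor == 9:
        return "vulnerable" if patch < 8 else "patched"
    if major == 8 and minor == 2:
        # 8.2.2-Px patch levels are still below 8.2.3 and therefore vulnerable
        return "vulnerable" if patch < 3 else "patched"
    if major == 9:
        return "not affected"
    return "not covered by this advisory"


# Constructed sample banners in the shape dig prints for a TXT answer.
SAMPLE_BANNERS = ['"8.2.2-P7"', '"4.9.7"', '"8.2.3-REL"', '"9.1.0"',
                  '"4.9.8"', '"8.1.2"', '"surely you must be joking"']

if __name__ == "__main__":
    for b in SAMPLE_BANNERS:
        print(f"{b:32} {classify(b)}")
```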