CERT Reports Multiple BIND Vulnerabilities

The CERT Coordination Center has discovered an error in BIND that could severely affect the operation of the Internet. Malicious users can exploit these vulnerabilities to change the operation of Internet addresses.

CERT, an organization at Carnegie Mellon University, has discovered vulnerabilities in the Berkeley Internet Name Domain (BIND) server software used to map IP addresses to alphanumeric domain names. These vulnerabilities could enable unauthorized users to change the way domain names are mapped, rerouting email, web traffic, and other Internet data.

Each of the four vulnerabilities involve sending garbage queries to a BIND server. Although the queries are meaningless to BIND, they must be specially designed to confuse function within the software. When the queries are repeated, errors such as buffer overflows can result, leaving the server open to malicious reconfiguration. Another vulnerability reveals environment variables to the user, giving him information about the server.

CERT says that most BIND vendors have patches available to guard against these vulnerabilities, which can be downloaded from the vendor sites. One notable exception is the Internet Software Consortium (ISC), a group that put out BIND 4, but no longer maintains it. ISC recommends users upgrade their BIND software to BIND 8.2.3 or BIND 9.1.

BIND servers are typically deployed on Unix machines, as a gateway to enterprise or educational networks.

The full text of the CERT report is available at - Christopher McConnell

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.