lug-bg: FW: CERT Advisory CA-2000-20
- Subject: lug-bg: FW: CERT Advisory CA-2000-20
- From: bkrosnov@xxxxxxxxx (Boyan Krosnov)
- Date: Thu, 16 Nov 2000 19:29:42 +0200
A bit too late, but you may still not have heard...
This is a big problem, and if you are the administrator of a name server, take measures.
--
Boyan Krosnov (http://www.nat.bg/~bkrosnov)
Network Administrator
Lirex BG Ltd.
> -----Original Message-----
> From: Aleph One [mailto:aleph1@xxxxxxxxxxxxxxx]
> Sent: Wednesday, November 15, 2000 8:37 PM
> To: BUGTRAQ@xxxxxxxxxxxxxxxxx
> Subject: CERT Advisory CA-2000-20
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> CERT Advisory CA-2000-20 Multiple Denial-of-Service Problems
> in ISC BIND
>
> Original release date: November 13, 2000
> Source: CERT/CC
>
> A complete revision history is at the end of this file.
>
> Systems Affected
>
> * Systems running Internet Software Consortium (ISC) BIND version
> 8.2 through 8.2.2-P6
> * Systems running name servers derived from BIND version 8.2
> through 8.2.2-P6
>
> Overview
>
> The CERT Coordination Center has recently learned of two serious
> denial-of-service vulnerabilities in the Internet Software
> Consortium's (ISC) BIND software.
>
> The first vulnerability is referred to by the ISC as the "zxfr bug"
> and affects ISC BIND version 8.2.2, patch levels 1 through 6. The
> second vulnerability, the "srv bug", affects ISC BIND versions 8.2
> through 8.2.2-P6. Derivatives of the above code sets should also be
> presumed vulnerable unless proven otherwise.
>
> I. Description
>
> The Internet Software Consortium, the maintainer of BIND, the
> software used to provide domain name resolution services, has
> recently posted information about several denial-of-service
> vulnerabilities. If exploited, any of these vulnerabilities could
> allow remote intruders to cause site DNS services to be stopped.
>
> For more information about these vulnerabilities and others, please
> see
>
> http://www.isc.org/products/BIND/bind-security.html
>
> Two vulnerabilities in particular have been categorized by both the
> ISC and the CERT/CC as being serious.
>
> The "zxfr bug"
>
> Using this vulnerability, attackers on sites which are permitted to
> request zone transfers can force the named daemon running on
> vulnerable DNS servers to crash, disrupting name resolution service
> until the named daemon is restarted. The only preconditions for this
> attack to succeed are that a compressed zone transfer (ZXFR) request
> be made from a site allowed to make any zone transfer request (not
> just ZXFR), and that a subsequent name service query of an
> authoritative and non-cached record be made. The time between the
> attack and the crash of named may vary from system to system.
>
> This vulnerability has been discussed in public forums. The ISC has
> confirmed that all platforms running version 8.2.2 of the BIND
> software prior to patch level 7 are vulnerable to this attack.
>
> The "srv bug"
>
> This vulnerability can cause affected DNS servers running named to go
> into an infinite loop, thus preventing further name requests from
> being handled. This can happen if an SRV record (defined in RFC2782)
> is sent to the vulnerable server.
>
> Microsoft's Windows 2000 Active Directory service makes extensive use
> of SRV records and is reportedly capable of triggering this bug in
> the course of normal operations. This is not, however, a
> vulnerability in Microsoft Active Directory. Any network client
> capable of sending SRV records to vulnerable name server systems can
> exercise this vulnerability.
>
> The CERT/CC has not received any direct reports of either of these
> vulnerabilities being exploited to date.
>
> Both vulnerabilities can be used by malicious users to break the DNS
> services being offered at all exposed sites on the Internet. System
> administrators are strongly recommended to upgrade their DNS software
> with either ISC's current distribution or their vendor-supplied
> software. See the Solution and Vendor Information sections of this
> document for more details.
>
> II. Impact
>
> Domain name resolution services (DNS) can be disabled on affected
> servers from arbitrary remote hosts.
>
> III. Solution
>
> Apply a patch from your vendor
>
> The CERT/CC recommends that all users of ISC BIND upgrade to the
> recently-released BIND 8.2.2-P7, which patches both of the
> vulnerabilities discussed in this document. Sites running
> vendor-specific distributions of domain name resolution software
> should check the Vendor Information section below for more specific
> information on how to upgrade to non-vulnerable software.
>
> Restrict zone transfers to trusted hosts
>
> If it is not possible to immediately upgrade systems affected by the
> "zxfr bug", the ISC suggests not allowing zone transfers from
> untrusted hosts. This action, however, will not mitigate against the
> effects of an attack using the "srv bug".
>
> Although it has been reported that not allowing recursive queries may
> help mitigate against the "zxfr" vulnerability, ISC has indicated
> that this is not the case.
>
> Appendix A. Vendor Information
>
> The Internet Software Consortium
>
> For the latest information regarding these vulnerabilities, please
> consult the ISC web site at:
>
> http://www.isc.org/products/BIND/bind-security.html
>
> Caldera
>
> Our advisory will be available [at]:
>
> http://www.calderasystems.com/support/security/advisories/CSSA-2000-040.0.txt
>
> Updated packages will be available from
> OpenLinux Desktop 2.3
> ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current
> OpenLinux eServer 2.3
> ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current
> OpenLinux eDesktop 2.4
> ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current
>
> Compaq Computer Corporation
>
> SOURCE: Compaq Computer Corporation
> Compaq Services
> Software Security Response Team USA
>
> Compaq Tru64/UNIX Operating Systems Software are not vulnerable to
> these reported problems.
>
> Conectiva
>
> Please see Conectiva Linux Security Announcement CLSA-2000:339 at:
>
>
> http://listserv.securityportal.com/SCRIPTS/WA-SECURITYPORTAL.EXE?A1=ind0011&L=linux-security#27
>
> Note: Conectiva Linux Security Announcement CLSA-2000:338, also
> regarding this issue, had a packaging error in it. Users who
> downloaded updates based on CLSA-2000:338 should see CLSA-2000:339
> for further information.
>
> Debian
>
> Please see Debian Security notice 20001112, bind at:
>
> http://www.debian.org/security/2000/20001112
>
> FreeBSD
>
> All versions of FreeBSD after 4.0-RELEASE (namely 4.1-RELEASE,
> 4.1.1-RELEASE and the forthcoming 4.2-RELEASE) are not vulnerable to
> this bug since they include versions of BIND 8.2.3. FreeBSD
> 4.0-RELEASE and earlier are vulnerable to the reported problems since
> they include an older version of BIND, and an update to a
> non-vulnerable version is scheduled to be committed to FreeBSD
> 3.5.1-STABLE in the next few days.
>
> Hewlett-Packard
>
> HP is vulnerable to these problems and is working to correct them.
>
> MandrakeSoft
>
> Please see "MDKSA-2000:067: bind" at:
>
> http://www.linux-mandrake.com/en/security/MDKSA-2000-067.php3
>
> Microsoft Corporation
>
> Microsoft is currently investigating these issues.
>
> NetBSD
>
> NetBSD is believed to be vulnerable to these problems; in response,
> NetBSD-current has been upgraded to 8.2.2-P7 and 8.2.2-P7 will be
> present in the forthcoming NetBSD 1.5 release.
>
> RedHat
>
> Please see "RHSA-2000:107-01: Updated bind packages fixing DoS
> attack", soon to be available at:
>
> http://www.redhat.com/support/errata/
>
> Slackware
>
> Updated Slackware distributions for bind may be found at:
>
>
> ftp://ftp.slackware.com/pub/slackware/slackware-current/slakware/n1/bind.tgz
>
>
> ______________________________________________________________________
>
> The CERT Coordination Center thanks Mark Andrews, David Conrad, and
> Paul Vixie of the ISC for developing a solution and assisting in the
> preparation of this advisory. We would also recognize the
> contribution of Olaf Kirch in helping us understand the exact nature
> of the "zxfr bug" vulnerability.
>
> ______________________________________________________________________
>
> Author: This document was written by Jeffrey S. Havrilla and Jeffrey
> P. Lanza. Feedback on this advisory is appreciated.
>
> ______________________________________________________________________
>
> This document is available from:
> http://www.cert.org/advisories/CA-2000-20.html
>
> ______________________________________________________________________
>
> CERT/CC Contact Information
>
> Email: cert@xxxxxxxx
> Phone: +1 412-268-7090 (24-hour hotline)
> Fax: +1 412-268-6989
> Postal address:
> CERT Coordination Center
> Software Engineering Institute
> Carnegie Mellon University
> Pittsburgh PA 15213-3890
> U.S.A.
>
> CERT personnel answer the hotline 08:00-20:00 EST(GMT-5) / EDT(GMT-4)
> Monday through Friday; they are on call for emergencies during other
> hours, on U.S. holidays, and on weekends.
>
> Using encryption
>
> We strongly urge you to encrypt sensitive information sent by email.
> Our public PGP key is available from
>
> http://www.cert.org/CERT_PGP.key
>
> If you prefer to use DES, please call the CERT hotline for more
> information.
>
> Getting security information
>
> CERT publications and other security information are available from
> our web site
>
> http://www.cert.org/
>
> To subscribe to the CERT mailing list for advisories and bulletins,
> send email to majordomo@xxxxxxxx. Please include in the body of your
> message
>
> subscribe cert-advisory
>
> * "CERT" and "CERT Coordination Center" are registered in the U.S.
> Patent and Trademark Office.
>
> ______________________________________________________________________
>
> NO WARRANTY
> Any material furnished by Carnegie Mellon University and the Software
> Engineering Institute is furnished on an "as is" basis. Carnegie
> Mellon University makes no warranties of any kind, either expressed
> or implied as to any matter including, but not limited to, warranty
> of fitness for a particular purpose or merchantability, exclusivity
> or results obtained from use of the material. Carnegie Mellon
> University does not make any warranty of any kind with respect to
> freedom from patent, trademark, or copyright infringement.
> _________________________________________________________________
>
> Conditions for use, disclaimers, and sponsorship information
>
> Copyright 2000 Carnegie Mellon University.
>
> Revision History
> November 13, 2000: Initial release
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP for Personal Privacy 5.0
> Charset: noconv
>
> -----END PGP SIGNATURE-----
>
==================================================================
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers)
Unsubscribing WORKS !!! : Majordomo@xxxxxxxxxxxxxxxxxx UNSUBSCRIBE LUG-BG
http://www.linux-bulgaria.org/ Hosted by Internet Group Ltd. - Stara Zagora
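
Added example, not part of the forwarded advisory or the original post: a Python triage helper that classifies BIND version strings against the affected ranges stated in CA-2000-20, so an administrator can see which name servers need the 8.2.2-P7 upgrade. The function names, host names and inventory lines are hypothetical and constructed for illustration.

```python
import re

# Ranges as stated in CA-2000-20; both bugs are fixed in 8.2.2-P7.
FIXED = (8, 2, 2, 7)
SRV_FIRST = (8, 2, 0, 0)   # "srv bug": 8.2 through 8.2.2-P6
# "zxfr bug": the description says 8.2.2 prior to patch level 7 (the
# overview says patch levels 1 through 6); the wider reading is used here.
ZXFR_FIRST = (8, 2, 2, 0)

_VERSION = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-?[Pp](\d+))?")

def parse_bind_version(text):
    """Return (major, minor, release, patch) or None.
    Accepts '8.2', '8.2.2-P5' and the package style '8.2.2p7'."""
    m = _VERSION.search(text)
    if m is None:
        return None
    return tuple(int(g) if g else 0 for g in m.groups())

def classify(text):
    """Map a version string to the bugs the advisory says affect it."""
    v = parse_bind_version(text)
    if v is None:
        return None  # unknown version: check the host by hand
    return {"srv": SRV_FIRST <= v < FIXED, "zxfr": ZXFR_FIRST <= v < FIXED}

def audit(inventory):
    """inventory: iterable of 'host version-string' lines.
    Returns {host: [bug names]}; unaffected hosts are omitted and
    hosts with an unparseable version are reported as ['unknown']."""
    findings = {}
    for line in inventory:
        host, _, version = line.strip().partition(" ")
        result = classify(version)
        if result is None:
            findings[host] = ["unknown"]
        elif any(result.values()):
            findings[host] = sorted(k for k, hit in result.items() if hit)
    return findings

# Constructed inventory (hypothetical hosts and versions).
SAMPLE = [
    "ns1.example.net 8.2.2-P5",
    "ns2.example.net bind-8.2.2p7-1",
    "ns3.example.net 8.2.1",
    "ns4.example.net unknown",
]

if __name__ == "__main__":
    for host, bugs in audit(SAMPLE).items():
        print(host, ", ".join(bugs))
```

A clean result only covers the two bugs in this advisory; vendor-derived name servers with their own version numbering still need the vendor statement checked.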