News

CERT Reports Multiple BIND Vulnerabilities

The CERT Coordination Center has discovered an error in BIND that could severely affect the operation of the Internet. Malicious users can exploit these vulnerabilities to change the operation of Internet addresses.

CERT, an organization at Carnegie Mellon University, has discovered vulnerabilities in the Berkeley Internet Name Domain (BIND) server software used to map IP addresses to alphanumeric domain names. These vulnerabilities could enable unauthorized users to change the way domain names are mapped, rerouting email, web traffic, and other Internet data.

Each of the four vulnerabilities involve sending garbage queries to a BIND server. Although the queries are meaningless to BIND, they must be specially designed to confuse function within the software. When the queries are repeated, errors such as buffer overflows can result, leaving the server open to malicious reconfiguration. Another vulnerability reveals environment variables to the user, giving him information about the server.

CERT says that most BIND vendors have patches available to guard against these vulnerabilities, which can be downloaded from the vendor sites. One notable exception is the Internet Software Consortium (ISC), a group that put out BIND 4, but no longer maintains it. ISC recommends users upgrade their BIND software to BIND 8.2.3 or BIND 9.1.

BIND servers are typically deployed on Unix machines, as a gateway to enterprise or educational networks.

The full text of the CERT report is available at http://www.cert.org/advisories/CA-2001-02.html - Christopher McConnell

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Windows 10 Preview Adds Ability To Display Linux Distro Files

    Microsoft on Wednesday announced Windows 10 preview build 19603, which adds easier access to installed Linux distro files using Windows File Explorer.

  • Microsoft 365 Business To Get Azure Active Directory Premium P1 Perks

    Subscribers to Microsoft 365 Business (which is being renamed this month to "Microsoft 365 Business Premium") will be getting Azure Active Directory Premium P1 licensing at no additional cost.

  • How To Use .CSV Files with PowerShell, Part 1

    When it comes to bulk administration, few things are handier than .CSV files. In this two-part series, Brien demos his top techniques for working with .CSV files in PowerShell. First up: How to create a .CSV file.

  • SameSite Cookie Changes Rolled Back Until Summer

    The Chromium Project announced on Friday that it's delaying enforcement of SameSite cookie changes, and is temporarily rolling back those changes, because of the COVID-19 turmoil.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.