By Jon Tullett
Several new vulnerabilities found in the common BIND name server program operating the majority of the Internet’s DNS services may lead to a wave of attacks, the Computer Emergency Response Team (CERT) has warned.
Several new vulnerabilities found in the common BIND name server program operating the majority of the Internet’s DNS services may lead to a wave of attacks, the Computer Emergency Response Team (CERT) warned.A new advisory posted at www.cert.orgdetails how attackers could use any of the four new vulnerabilities to compromise a target system, possibly gaining administrator access or shutting down name services.PGP’s Covert research lab has successfully created exploits for most of the vulnerabilities, PGP representatives confirmed. Although none of these exploits have been discovered in the field yet, it is unlikely attackers will take long building tools to exploit the vulnerabilities.“Because the majority of name servers in operation today run BIND, these vulnerabilities present a serious threat to the Internet infrastructure," CERT said."These vulnerabilities have the potential to take out big chunks of the Internet," says NAI's Jim Magdych. "The things we've come to rely upon in the new economy could be rendered inaccessible."Vulnerable versions of BIND include versions prior to 4.9.8 and 8.2.3, which are secure to these new holes, although upgrading to BIND 9.1 is strongly recommended. Source for all versions of BIND is available from ftp://ftp.isc.org/isc/bind/src/BIND has an unfortunate history of vulnerability, stemming from 1998, when an early buffer overflow triggered a wave of attacks. Despite early warning, intrusion reports were still logged more than six months after the announcement. Since then, administrators have shown poor discipline in patching their systems. Despite this new advisory, it is likely many systems will remain unpatched and highly vulnerable for some time to come.