DoS flaw discovered in ISC BIND-based DNS servers

Edward Hurley, News Writer

An error in core Internet software could cause domain name system (DNS) servers to shut down.

FOR MORE INFORMATION:

Best Web Links on denial-of-service attacks

CERT's advisory on the ISC BIND 9 vulnerability

For more information about BIND 9.2.1

DNS servers translate Internet domain names (such as searchsecurity.com) into the corresponding Internet Protocol (IP) addresses. The denial-of-service flaw in ISC BIND, software that runs on DNS servers, could allow attackers to shut those servers down and deny access to the Internet.

BIND (Berkeley Internet Name Domain) is ISC's implementation of the Domain Name System (DNS) protocols. It includes a DNS server and tools for verifying that it operates correctly, as well as standard APIs for translating domain names into IP addresses and vice versa.

The non-profit Internet Software Consortium (ISC) maintains BIND. According to ISC's Web site, the group develops and maintains production-quality open source implementations of core Internet protocols. Many commercial and open source flavors of Unix ship with ISC BIND.

The vulnerability affects BIND versions 9 through 9.2.0; versions 4 and 8 are not affected, according to an advisory from the Computer Emergency Response Team (CERT) based at Carnegie Mellon University in Pittsburgh. Last month, ISC released an updated version, BIND 9.2.1, which corrects the flaw.

Specifically, the flaw is a logic error that lets a remote attacker shut a DNS server down by sending a specially crafted DNS packet that triggers an internal consistency check (an assertion), CERT said.

The vulnerability lies in the dns_message_findtype routine, CERT said. That routine assumes its rdataset variable is non-null; the crafted packet makes it null or empty, the consistency check fails, and the server shuts down.
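The design lesson behind this flaw is that an internal consistency check which aborts the process is only safe when no network input can violate it. The constructed C model below is added here to illustrate that point; it is not BIND's code and makes no claim about how dns_message_findtype is actually written. It shows a "find records of a given type in a message section" routine in two forms: one that enforces a non-null section with an aborting consistency check, and one that treats an empty section as ordinary data and answers "not found". The names, the record-type enum and the sample section are assumptions made for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed, simplified model: a message section is a singly linked
 * list of rdatasets, each tagged with a record type. Not BIND's code. */
typedef enum { RTYPE_A = 1, RTYPE_NS = 2, RTYPE_MX = 15 } rtype_t;

typedef struct rdataset {
    rtype_t type;
    struct rdataset *next;
} rdataset_t;

enum { RESULT_SUCCESS = 0, RESULT_NOTFOUND = 1, RESULT_BADARG = 2 };

/* Internal consistency check: a failed precondition aborts the process.
 * Acceptable for conditions only a programming error can violate; fatal
 * for availability if a received packet can violate it, because then one
 * message becomes a crash of the whole daemon. */
#define CONSISTENCY_CHECK(cond)                                        \
    do {                                                               \
        if (!(cond)) {                                                 \
            fprintf(stderr, "consistency check failed: %s\n", #cond);  \
            abort();                                                   \
        }                                                              \
    } while (0)

/* Variant 1: the routine assumes its caller never passes an empty section.
 * If any code path fed by a received message can hand it NULL, the server
 * dies and stays down until someone restarts it. */
int find_type_assuming(rdataset_t *section, rtype_t type, rdataset_t **out)
{
    CONSISTENCY_CHECK(section != NULL);
    CONSISTENCY_CHECK(out != NULL);
    for (rdataset_t *r = section; r != NULL; r = r->next) {
        if (r->type == type) { *out = r; return RESULT_SUCCESS; }
    }
    *out = NULL;
    return RESULT_NOTFOUND;
}

/* Variant 2: the same lookup, but an empty or missing section is treated
 * as data. An unusual or crafted message gets "not found", not abort(). */
int find_type_checked(rdataset_t *section, rtype_t type, rdataset_t **out)
{
    if (out == NULL)
        return RESULT_BADARG;
    *out = NULL;
    if (section == NULL)            /* empty section: nothing to search */
        return RESULT_NOTFOUND;
    for (rdataset_t *r = section; r != NULL; r = r->next) {
        if (r->type == type) { *out = r; return RESULT_SUCCESS; }
    }
    return RESULT_NOTFOUND;
}

/* Constructed sample section: an NS record followed by an MX record. */
static rdataset_t sample_mx = { RTYPE_MX, NULL };
static rdataset_t sample_ns = { RTYPE_NS, &sample_mx };

/* Search the sample section for MX with either variant; returns the type
 * of the record found (15) or -1. Both variants agree on well-formed input. */
int lookup_mx_type(int use_checked)
{
    rdataset_t *hit = NULL;
    int rc = use_checked ? find_type_checked(&sample_ns, RTYPE_MX, &hit)
                         : find_type_assuming(&sample_ns, RTYPE_MX, &hit);
    return (rc == RESULT_SUCCESS && hit != NULL) ? (int)hit->type : -1;
}

/* Result of the checked variant on an empty section: a normal error code. */
int checked_on_empty_section(void)
{
    rdataset_t *hit = NULL;
    return find_type_checked(NULL, RTYPE_A, &hit);
}

int main(void)
{
    printf("MX lookup (assuming variant): type %d\n", lookup_mx_type(0));
    printf("MX lookup (checked variant):  type %d\n", lookup_mx_type(1));
    printf("checked variant on empty section -> %d (RESULT_NOTFOUND = %d)\n",
           checked_on_empty_section(), RESULT_NOTFOUND);
    /* find_type_assuming(NULL, ...) is deliberately never called here:
     * it would abort() the process, which is exactly the failure mode. */
    return 0;
}
```

The point to take from the two variants is not that assertions are bad, but that every precondition reachable from parsed network data must be validated and reported as an error rather than trusted.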

Additionally, common queries may trigger the vulnerability accidentally, particularly queries originating from SMTP servers, CERT said.

Affected machines must be restarted manually before they can serve queries again. Such attacks on DNS servers could cause Internet instability, locally or across larger areas. Attackers can only shut the machines down; they cannot execute arbitrary code or write data to memory.

BIND users are advised to apply a patch from their vendor or upgrade to BIND 9.2.1. Software from companies ranging from Caldera to SuSE to Hewlett-Packard could be affected by the flaw.
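A defender's first question is which name servers are still in the affected range. The C helper below is added here, not taken from the article or from ISC; it applies the version boundaries the article reports (9.x below 9.2.1 affected, BIND 4 and 8 not affected) to the text a server returns for a version.bind CHAOS TXT query, which can be obtained with `dig +short version.bind chaos txt @server`. The function names are assumptions, and the sample answers are constructed.

```c
#include <ctype.h>
#include <stdio.h>

/* Classification results. */
enum { VERSION_UNKNOWN = -1, VERSION_NOT_AFFECTED = 0, VERSION_AFFECTED = 1 };

/* Parse the first "major.minor[.patch]" in a version.bind TXT answer such
 * as "9.2.0" (dig prints the TXT string in quotes). Returns 1 on success. */
int parse_bind_version(const char *txt, int *major, int *minor, int *patch)
{
    const char *p = txt;
    while (*p != '\0' && !isdigit((unsigned char)*p))
        p++;                        /* skip quotes, prefixes, prose */
    *patch = 0;                     /* a bare "9.2" is read as 9.2.0 */
    return sscanf(p, "%d.%d.%d", major, minor, patch) >= 2;
}

/* Apply the reported range: 9.0 through 9.2.0 affected, 9.2.1 and later
 * fixed, major versions other than 9 (BIND 4 and 8) not affected. A server
 * configured to hide or rewrite its version string yields VERSION_UNKNOWN
 * and must be checked another way (package manager, named -v on the host). */
int bind_version_status(const char *txt)
{
    int major, minor, patch;
    if (!parse_bind_version(txt, &major, &minor, &patch))
        return VERSION_UNKNOWN;
    if (major != 9)
        return VERSION_NOT_AFFECTED;
    if (minor < 2 || (minor == 2 && patch < 1))
        return VERSION_AFFECTED;
    return VERSION_NOT_AFFECTED;
}

/* Constructed sample answers, in the form dig +short prints them. */
static const char *const sample_answers[] = {
    "\"9.2.0\"",
    "\"9.1.3\"",
    "\"9.2.1\"",
    "\"8.3.3-REL\"",
    "\"surely you must be joking\"",
};

/* Count how many of the sample answers are classified as affected. */
int count_affected_samples(void)
{
    int n = 0;
    for (size_t i = 0; i < sizeof sample_answers / sizeof sample_answers[0]; i++)
        if (bind_version_status(sample_answers[i]) == VERSION_AFFECTED)
            n++;
    return n;
}

int main(void)
{
    for (size_t i = 0; i < sizeof sample_answers / sizeof sample_answers[0]; i++)
        printf("%-32s -> %d\n", sample_answers[i],
               bind_version_status(sample_answers[i]));
    return 0;
}
```

Treat VERSION_UNKNOWN as "check by hand", not as "safe": operators often configure BIND to hide its version, and a vendor backport can leave an older-looking version string on a patched binary.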
