"A FLAW IN software that supports the Internet's DNS (Domain Name System)
for translating text-based Web addresses to numeric IP (Internet Protocol)
addresses can put Internet-connected systems at risk, experts warned.

"The flaw lies in two versions of the DNS resolver library, which is not
only used in DNS servers, but also in network hardware such as routers and
switches, said Joost Pol, a security consultant at Pine Internet in The
Hague, Netherlands, on Monday.

""This code was written a long time ago and distributed for free, it is
widespread," said Pol, who wrote the first alert on the issue last week.
"This is essential software that runs on the client and on the server."

"Affected are the Berkeley Internet Name Domain (BIND) DNS resolver library,
developed by the Internet Software Consortium, and the Berkeley Software
Distribution (BSD) DNS resolver library, according to an advisory released
on Friday by the U.S.-based Computer Emergency Response Team Coordination
Center (CERT/CC).

"A buffer overflow vulnerability in the libraries could allow a remote
attacker to take over systems using the affected software by sending a
malformed DNS response, according to CERT/CC. After a successful attack on a
router, for example, an attacker could tap or divert traffic, said Pol."

http://www.infoworld.com/articles/hn/xml/02/07/01/020701hndns.xml


The article also mentions applications that might have statically linked to
the resolver library code, and questions Microsoft's assertions that their
code is not vulnerable, due to the amount of BSD code that was used in
Windows 2000.  Watch your Linux distributor for updates containing a fix.

Mark Post
