malko twyrde kysno ama wse pak moje oshte da ne ste chuli... towa e golqm problem i ako ste administrator na name server wzemete merki. -- Boyan Krosnov (http://www.nat.bg/~bkrosnov) Network Administrator Lirex BG Ltd. > -----Original Message----- > From: Aleph One [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, November 15, 2000 8:37 PM > To: [EMAIL PROTECTED] > Subject: CERT Advisory CA-2000-20 > > > -----BEGIN PGP SIGNED MESSAGE----- > > CERT Advisory CA-2000-20 Mulitple Denial-of-Service Problems > in ISC BIND > > Original release date: November 13, 2000 > Source: CERT/CC > > A complete revision history is at the end of this file. > > Systems Affected > > * Systems running Internet Software Consortium (ISC) BIND version > 8.2 through 8.2.2-P6 > * Systems running name servers derived from BIND version > 8.2 through > 8.2.2-P6 > > Overview > > The CERT Coordination Center has recently learned of two serious > denial-of-service vulnerabilities in the Internet Software > Consortium's (ISC) BIND software. > > The first vulnerability is referred to by the ISC as the "zxfr bug" > and affects ISC BIND version 8.2.2, patch levels 1 through 6. The > second vulnerability, the "srv bug", affects ISC BIND versions 8.2 > through 8.2.2-P6. Derivatives of the above code sets should also be > presumed vulnerable unless proven otherwise. > > I. Description > > The Internet Software Consortium, the maintainer of BIND, > the software > used to provide domain name resolution services, has > recently posted > information about several denial-of-service vulnerabilities. If > exploited, any of these vulnerabilities could allow remote > intruders > to cause site DNS services to be stopped. > > For more information about these vulnerabilities and others, please > see > > http://www.isc.org/products/BIND/bind-security.html > > Two vulnerabilities in particular have been categorized by both the > ISC and the CERT/CC as being serious. > > The "zxfr bug" > > Using this vulnerability, attackers on sites which are permitted to > request zone transfers can force the named daemon running on > vulnerable DNS servers to crash, disrupting name resolution service > until the named daemon is restarted. The only > preconditions for this > attack to succeed is that a compressed zone transfer > (ZXFR) request be > made from a site allowed to make any zone transfer request > (not just > ZXFR), and that a subsequent name service query of an authoritative > and non-cached record be made. The time between the attack and the > crash of named may vary from system to system. > > This vulnerability has been discussed in public forums. The ISC has > confirmed that all platforms running version 8.2.2 of the BIND > software prior to patch level 7 are vulnerable to this attack. > > The "srv bug" > > This vulnerability can cause affected DNS servers running > named to go > into an infinite loop, thus preventing further name requests to be > handled. This can happen if an SRV record (defined in > RFC2782) is sent > to the vulnerable server. > > Microsoft's Windows 2000 Active Directory service makes > extensive use > of SRV records and is reportedly capable of triggering > this bug in the > course of normal operations. This is not, however, a > vulnerability in > Microsoft Active Directory. Any network client capable of > sending SRV > records to vulnerable name server systems can exercise this > vulnerability. > > The CERT/CC has not received any direct reports of either of these > vulnerabilities being exploited to date. > > Both vulnerabilities can be used by malicious users to > break the DNS > services being offered at all exposed sites on the Internet. System > administrators are strongly recommended to upgrade their > DNS software > with either ISC's current distribution or their vendor-supplied > software. See the Solution and Vendor Information sections of this > document for more details. > > II. Impact > > Domain name resolution services (DNS) can be disabled on affected > servers from arbitrary remote hosts. > > III. Solution > > Apply a patch from your vendor > > The CERT/CC recommends that all users of ISC BIND upgrade to the > recently-released BIND 8.2.2-P7, which patches both of the > vulnerabilities discussed in this document. Sites running > vendor-specific distributions of domain name resolution software > should check the Vendor Information section below for more specific > information on how to upgrade to non-vulnerable software. > > Restrict zone transfers to trusted hosts > > If it is not possible to immediately upgrade systems > affected by the > "zxfr bug", the ISC suggests not allowing zone transfers from > untrusted hosts. This action, however, will not mitigate > against the > effects of an attack using the "srv bug". > > Although it has been reported that not allowing recursive > queries may > help mitigate against the "zxfr" vulnerability, ISC has > indicated that > this is not the case. > > Appendix A. Vendor Information > > The Internet Software Consortium > > For the latest information regarding these vulnerabilities, please > consult the ISC web site at: > > http://www.isc.org/products/BIND/bind-security.html > > Caldera > > Our advisory will be available [at]: > > > http://www.calderasystems.com/support/security/advisories/CSSA > -2000-040.0.txt > > Updated packages will be available from > OpenLinux Desktop 2.3 > ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current > 9d8429f25c5fb3bebe2d66b1f9321e61 RPMS/bind-8.2.2p7-1.i386.rpm > 0e958eb01f40826f000d779dbe6b8cb3 RPMS/bind-doc-8.2.2p7-1.i386.rpm > 866ff74c77e9c04a6abcddcc11dbe17b RPMS/bind-utils-8.2.2p7-1.i386.rpm > 6a545924805effbef01de74e34ba005e SRPMS/bind-8.2.2p7-1.src.rpm > OpenLinux eServer 2.3 > ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current > 379c4328604b4491a8f3d0de44e42347 RPMS/bind-8.2.2p7-1.i386.rpm > b428b824c8b67f2d8d4bf53738a3e7e0 RPMS/bind-doc-8.2.2p7-1.i386.rpm > 28311d630281976a870d38abe91f07fb RPMS/bind-utils-8.2.2p7-1.i386.rpm > 6a545924805effbef01de74e34ba005e SRPMS/bind-8.2.2p7-1.src.rpm > OpenLinux eDesktop 2.4 > ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current > c37b6673cc9539e592013ac114846940 RPMS/bind-8.2.2p7-1.i386.rpm > bbe0d7e317fde0d47cba1384f6d4b635 RPMS/bind-doc-8.2.2p7-1.i386.rpm > 5c28dd5641a4550c03e9859d945a806e RPMS/bind-utils-8.2.2p7-1.i386.rpm > 6a545924805effbef01de74e34ba005e SRPMS/bind-8.2.2p7-1.src.rpm > > Compaq Computer Corporation > > SOURCE: Compaq Computer Corporation > Compaq Services > Software Security Response Team USA > > Compaq Tru64/UNIX Operating Systems Software are not vulnerable to > these reported problems. > > Conectiva > > Please see Conectiva Linux Security Announcement CLSA-2000:339 at: > > > http://listserv.securityportal.com/SCRIPTS/WA-SECURITYPORTAL.E > XE?A1=ind0011&L=linux-security#27 > > Note: Conectiva Linux Security Announcement CLSA-2000:338, also > regarding this issue, had a packaging error in it. Users who > downloaded updates based on CLSA-2000:338 should see > CLSA-2000:339 for > further information. > > Debian > > Please see Debian Security notice 20001112, bind at: > > http://www.debian.org/security/2000/20001112 > > FreeBSD > > All versions of FreeBSD after 4.0-RELEASE (namely 4.1-RELEASE, > 4.1.1-RELEASE and the forthcoming 4.2-RELEASE) are not > vulnerable to > this bug since they include versions of BIND 8.2.3. FreeBSD > 4.0-RELEASE and earlier are vulnerable to the reported > problems since > they include an older version of BIND, and an update to a > non-vulnerable version is scheduled to be committed to FreeBSD > 3.5.1-STABLE in the next few days. > > Hewlett-Packard > > HP is vulnerable to these problems and is working to correct them. > > MandrakeSoft > > Please see "MDKSA-2000:067: bind" at: > > http://www.linux-mandrake.com/en/security/MDKSA-2000-067.php3 > > Microsoft Corporation > > Microsoft is currently investigating these issues. > > NetBSD > > NetBSD is believed to be vulnerable to these problems; in response, > NetBSD-current has been upgraded to 8.2.2-P7 and 8.2.2-P7 will be > present in the forthcoming NetBSD 1.5 release. > > RedHat > > Please see "RHSA-2000:107-01: Updated bind packages fixing DoS > attack", soon to be available at: > > http://www.redhat.com/support/errata/ > > Slackware > > Updated Slackware distributions for bind may be found at: > > > ftp://ftp.slackware.com/pub/slackware/slackware-current/slakwa > re/n1/bind.tgz > > > ______________________________________________________________________ > > The CERT Coordination Center thanks Mark Andrews, David Conrad, and > Paul Vixie of the ISC for developing a solution and > assisting in the > preparation of this advisory. We would also recognize the > contribution > of Olaf Kirch in helping us understand the exact nature of > the "zxfr > bug" vulnerability. > > ______________________________________________________________________ > > Author: This document was written by Jeffrey S. Havrilla > and Jeffrey > P. Lanza. Feedback on this advisory is appreciated. > > ______________________________________________________________________ > > This document is available from: > http://www.cert.org/advisories/CA-2000-20.html > > ______________________________________________________________________ > > CERT/CC Contact Information > > Email: [EMAIL PROTECTED] > Phone: +1 412-268-7090 (24-hour hotline) > Fax: +1 412-268-6989 > Postal address: > CERT Coordination Center > Software Engineering Institute > Carnegie Mellon University > Pittsburgh PA 15213-3890 > U.S.A. > > CERT personnel answer the hotline 08:00-20:00 EST(GMT-5) / > EDT(GMT-4) > Monday through Friday; they are on call for emergencies > during other > hours, on U.S. holidays, and on weekends. > > Using encryption > > We strongly urge you to encrypt sensitive information sent > by email. > Our public PGP key is available from > > http://www.cert.org/CERT_PGP.key > > If you prefer to use DES, please call the CERT hotline for more > information. > > Getting security information > > CERT publications and other security information are available from > our web site > > http://www.cert.org/ > > To subscribe to the CERT mailing list for advisories and bulletins, > send email to [EMAIL PROTECTED] Please include in the > body of your > message > > subscribe cert-advisory > > * "CERT" and "CERT Coordination Center" are registered in the U.S. > Patent and Trademark Office. > > ______________________________________________________________________ > > NO WARRANTY > Any material furnished by Carnegie Mellon University and > the Software > Engineering Institute is furnished on an "as is" basis. Carnegie > Mellon University makes no warranties of any kind, either > expressed or > implied as to any matter including, but not limited to, warranty of > fitness for a particular purpose or merchantability, exclusivity or > results obtained from use of the material. Carnegie Mellon > University > does not make any warranty of any kind with respect to freedom from > patent, trademark, or copyright infringement. > _________________________________________________________________ > > Conditions for use, disclaimers, and sponsorship information > > Copyright 2000 Carnegie Mellon University. > > Revision History > November 13, 2000: Initial release > > > -----BEGIN PGP SIGNATURE----- > Version: PGP for Personal Privacy 5.0 > Charset: noconv > > iQCVAwUBOhBkogYcfu8gsZJZAQHhKQP+Pd9/Qay+mubBlOQxVXPtfm5JmKj8dYfJ > DnxcIT9qXQFUrq1nVs48fLYhwNtA/fisjZKY6KMkYaw+r+nJVYMz1veP+//sVo7P > GDBMPUyrWmAGXVfUfIS3zjfWybqCm5+u4a4jDCWTy+n0oSyZ3ExBRPIZbPn1rUL5 > RcqWcCJU5uY= > =jikH > -----END PGP SIGNATURE----- > ================================================================== A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers) Otpiswaneto RABOTI !!! : [EMAIL PROTECTED] UNSUBSCRIBE LUG-BG http://www.linux-bulgaria.org/ Hosted by Internet Group Ltd. - Stara Zagora
