ISS reports more BIND flaws

New vulnerabilities have been discovered in the common Berkeley Internet Name Domain (BIND) domain name system (DNS) software that could allow hackers to carry out denial-of-service attacks against servers using BIND, according to an advisory issued on Tuesday by security company Internet Security Systems (ISS).

The ISS advisory details three separate vulnerabilities. All three of those vulnerabilities make BIND susceptible to denial-of-service attacks from Internet users or rogue DNS administrators. One of the three vulnerabilities also involves a buffer overflow condition in the BIND code that could enable malicious code to be placed and executed on the machine running the name server software.

The newly discovered vulnerabilities all allow hackers to use what are referred to as "malformed requests" to attack BIND. Such attacks rely on passing invalid or improperly formatted information to the BIND DNS, targeting specific weaknesses in the way the BIND code processes requests, to cause the DNS server to fail, according to Dan Ingevaldson, team leader of ISS's X-Force security research group.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

New vulnerabilities have been discovered in the common Berkeley Internet Name Domain (BIND) domain name system (DNS) software that could allow hackers to carry out denial-of-service attacks against servers using BIND, according to an advisory issued on Tuesday by security company Internet Security Systems (ISS).

The ISS advisory details three separate vulnerabilities. All three of those vulnerabilities make BIND susceptible to denial-of-service attacks from Internet users or rogue DNS administrators. One of the three vulnerabilities also involves a buffer overflow condition in the BIND code that could enable malicious code to be placed and executed on the machine running the name server software.

The newly discovered vulnerabilities all allow hackers to use what are referred to as "malformed requests" to attack BIND. Such attacks rely on passing invalid or improperly formatted information to the BIND DNS, targeting specific weaknesses in the way the BIND code processes requests, to cause the DNS server to fail, according to Dan Ingevaldson, team leader of ISS's X-Force security research group.

While two of the newly discovered vulnerabilities require the attacker to have access to their own authoritative DNS name server in order to pass invalid requests to the targeted BIND DNS servers, ISS's Ingevaldson said that such attacks are not uncommon.

"It's not a difficult requirement," said Ingevaldson of an attacker hosting their own name server. "We've seen all types of distributed exploits that require an authoritative name server."

An authoritative name server is registered as the official DNS server for a particular Internet domain.

The vulnerabilities affect earlier versions of BIND including BIND 4 and the more recent BIND 8 distributions, up to and including 8.3.3, according to ISS.

ISS contacted the Internet Software Consortium (ISC), which maintains BIND, in late October regarding the vulnerabilities, according to Ingevaldson.

BIND 4 is generally not supported by ISC, though the consortium continues to issue security patches for it. But BIND 8 is still commonly used, according to Ingevaldson and the ISC's Web site. BIND 9 is not affected by any of the vulnerabilities in ISS's advisory, according to Ingevaldson.

The ISC Web site recommends that DNS administrators upgrade to BIND 9 to remove exposure to many of the reported BIND vulnerabilities. The Web site also says "New BIND 4 & 8 releases are coming soon," and provides an e-mail address for software vendors to speak to the ISC about patches.

The ISC could not be reached for comment and it is not clear whether patches for the newly discovered vulnerabilities are available.

DNS is a core Internet protocol that matches easy-to-remember domain names such as www.idg.com with numeric Internet Protocol addresses recognized by machines.

BIND is the most commonly used type of DNS server software on the Internet, but has come under increasing scrutiny for security holes. The Federal Bureau of Investigation's list of the top 20 security vulnerabilities, released in October, listed BIND and DNS as a top concern.

The IDG News Service is a Network World affiliate.