ISS scanner and BIND 9 (AUTHORS.BIND)
Kevin Darcy
kcd at daimlerchrysler.com
Fri Feb 10 02:49:03 UTC 2006
Since AUTHORS.BIND returns neither a hostname nor a BIND version, the
vulnerability as described by ISS *does*not*exist* and therefore can be
removed from your organization's checklist.
- Kevin
Bischof, Ralph wrote:
>Hello,
>
> I have a 9.3.1 build of BIND running on a Red Hat Enterprise
>Linux ES4 system. I *must* use the ISS scanner (http://www.iss.net/) to
>discover and mitigate any vulnerabilities on the system before I can
>connect it to the network. When I ran a scan of my box, I found the
>below Medium vulnerability that I need to do something about.
>
>Vulnerability Details:
>M BindHostnameDisclosure: BIND hostname disclosure
>BIND (the Berkeley Internet Name Daemon) is the Domain Name Service for
>Unix systems. BIND versions 9.0 and later could allow
>a remote attacker to obtain sensitive information. By sending a
>specially-crafted DNS query for the record AUTHORS.BIND a remote
>attacker may learn the BIND software version and the hostname of the DNS
>server. This information could be helpful in launching
>further attacks.
>Remedy:
>No remedy available as of January 2005.
>
> I know I use the "version" named.conf statement with BIND8 to
>hide the version. Would it also help to put this statement in with my
>BIND9 build? Something like...
>
>options {
> version "unknown";
>};
>
> I appreciate any help! If it's not possible to mitigate this
>through the configuration, I am thinking that I can make a definitive
>argument that I *already* advertise the hostname of the server to the
>Internet public, therefore it's a non-issue.
>
>Thank you,
>--
>Ralph F. Bischof, Jr.
>Any opinion within this communication is not necessarily that of NASA.
>PGP Key - http://pgpkeys.hq.nasa.gov
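To see for yourself what your server hands back for the CHAOS-class names the scanner and the "version" option are concerned with (AUTHORS.BIND, and version.bind, which the "version" statement controls), here is an added example that is not from either post: a stdlib-only Python script that builds the CH TXT query, decodes the TXT answer, and includes a constructed response showing what a server configured with version "unknown" returns. The server address you pass to query_chaos_txt and the SAMPLE_RESPONSE bytes are assumptions of mine, not taken from the thread.

```python
import socket
import struct
CLASS_CH, TYPE_TXT = 3, 16  # CHAOS class and TXT type codes (RFC 1035)

def build_query(name, txid=0x1234):
    # 12-byte header (id, flags=0 so no RD bit, QDCOUNT=1) + one CH/TXT question
    header = struct.pack(">HHHHHH", txid, 0, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.strip(".").split(".")) + b"\x00"
    return header + qname + struct.pack(">HH", TYPE_TXT, CLASS_CH)

def _skip_name(msg, off):
    # Advance past a domain name; a byte >= 0xC0 starts a 2-byte compression pointer
    while msg[off] and msg[off] < 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def parse_txt_strings(msg):
    # Return every TXT <character-string> found in the answer section
    _, _, qd, an, _, _ = struct.unpack(">HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4  # skip QTYPE + QCLASS
    out = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        rdata, off = msg[off:off + rdlen], off + rdlen
        if rtype == TYPE_TXT:
            p = 0
            while p < len(rdata):
                n = rdata[p]
                out.append(rdata[p + 1:p + 1 + n].decode(errors="replace"))
                p += 1 + n
    return out

def query_chaos_txt(server, name, timeout=2.0):
    # Ask your own server over UDP/53 (address is an assumption) and decode the reply
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        data, _ = s.recvfrom(4096)
    return parse_txt_strings(data)

SAMPLE_RESPONSE = (  # constructed: a server with version "unknown" answering version.bind
    b"\x12\x34\x84\x00\x00\x01\x00\x01\x00\x00\x00\x00"  # header: QR+AA, QD=1, AN=1
    b"\x07version\x04bind\x00\x00\x10\x00\x03"           # question: version.bind TXT CH
    b"\xc0\x0c\x00\x10\x00\x03\x00\x00\x00\x00\x00\x08\x07unknown"  # answer: TXT "unknown"
)
```

Run query_chaos_txt("<your server>", "version.bind") and "authors.bind" after the named.conf change; the version query should return only the string you configured.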