Security vulnerability in Bind9.2.1?
phn at icke-reklam.ipsec.nu
Wed Jul 3 19:51:19 UTC 2002
Bjorn Johansson <bjorn-bind at loud-n-clear.net> wrote:
> Hi All,
> I was notified of the security vulnerability in Bind, link below:
> http://www.cert.org/advisories/CA-2002-19.html
> According to this announcement, Bind9.2.1 is vulnerable.
No. Read it carefully. The resolver is vulnerable. (The resolver
is not in the nameserver itself; it's located in system libraries
and/or applications that call the nameserver.)
Resolver code is shipped together with bind, and all versions
from bind seem vulnerable. Those who wrote their own _may_ be safe.
(A lot of folks have grabbed the bind code; sometimes they do not
admit it. Assume you are vulnerable until otherwise proven.)
The solution is to upgrade your resolver code (usually contained
in libc (libc.so)).
A workaround is to make use of bind-9 as resolving nameserver (the
nameserver that the clients ask), as bind-9 is reported to "normalize"
the attack-packets. Thus replace your current nameserver with bind-9.2.1.
> Is this in fact so?
> If so, is there a new version available for Win2000/WinNT?
Yes, bind-9.2.1 is available for download.
> Thanks,
> --
> Bjorn Johansson
--
Peter Håkanson
IPSec Sverige ( At Gothenburg Riverside )
Sorry about my e-mail address, but I'm trying to keep spam out;
remove "icke-reklam" if you feel like mailing me. Thanx.