CERT warns of BIND problem; Sun patches Solaris flaws

IDG News Service - A flaw in a software tool used to translate text-based Internet domain names into numerical addresses could make parts of the Internet vulnerable to denial-of-service attacks, the CERT Coordination Center at Carnegie Mellon University in Pittsburgh warned yesterday.
The flaw is in certain versions of the Berkeley Internet Name Domain (BIND), a widely used piece of Domain Name System (DNS) software, CERT said in an advisory.
DNS servers running BIND 9 prior to Version 9.2.1 are vulnerable. An attacker could shut down the DNS service on that server by sending a specific DNS packet. The service will then remain unavailable until restarted, CERT said.
BIND 9.2.1 was released May 1 by the Redwood City, Calif.-based Internet Software Consortium (ISC), which distributes BIND free of charge. It is a so-called maintenance release that fixes a number of bugs in 9.2.0 but has no new features, according to the ISC Web site.
DNS servers translate text-based domain names into numeric IP addresses. When those servers go down, users who type Web addresses can't connect to the intended servers, and e-mail sent to affected domains will bounce back.
"If you can trigger something that shuts down the name server, than that is a serious matter," said Petur Petursson, CEO of Men & Mice Inc., a DNS consultancy firm in Reykjavik, Iceland.
"It is normal for a company to run two name servers. If you manage to shoot both of them down, the company will disappear from the Internet," said Petursson.
BIND 9.2.1 is available for free download from the ISC Web site. BIND is also often part of software sold by server software vendors. These vendors may offer their own patches, according to CERT, which urges users of BIND 9 to either upgrade or apply a patch.
In an unrelated security move yesterday, Sun Microsystems Inc. released patches to close two security holes in its Solaris operating system. The holes could have allowed an attacker to take control of vulnerable systems.
The vulnerabilities affect the snmpdx and mibiisa agents that are components of Versions 2.6, 7 and 8 of Solaris, according to an alert from Sun. The two affected agents both run with root privileges, the highest level of access on systems, and are part of the operating system's Simple Network Management Protocol (SNMP) capabilities. The capabilities allow for device configuration and administration. The snmpdx agent monitors SNMP requests and information from the system and forwards relevant information on to mibiisa, Sun said.
The vulnerabilities come in the form of a format string vulnerability in snmpdx and a buffer overflow in mibiisa, Sun said. Both vulnerabilities can be exploited locally and remotely, the company said.
The flaw is mitigated because the vulnerabilities exist only on systems running Sun Solstice Enterprise Master Agent, snmpdx and mibiisa, Sun added.
The patches for affected operating systems are available online.

Reprinted with permission from

IDG.net
Story copyright 2009 International Data Group. All rights reserved.