Users urged to patch serious hole in BIND 9 DNS server
BIND 9 is among the most widely used software packages used on DNS servers
IDG News Service - A security researcher has reported a serious vulnerability in BIND 9, the software widely used in the Internet's DNS addressing system.
Users of the software, which include Internet providers and large companies, are being advised to patch the software immediately to prevent end users from being vulnerable to pharming attacks, when they are directed to a Web site set up by criminals.
BIND 9, or Berkeley Internet Name Domain 9, is among the most widely used software packages used on DNS servers. When a user types a Web address into a browser, the request goes to a DNS server, which finds the corresponding numerical IP address and locates the Web site.
For security purposes, when a browser queries a DNS server, a random 16-bit transaction ID is used to verify the response from the server. However, according to Amit Klein, chief technology officer at security vendor Trusteer Ltd., the transaction ID is not random at all. "On the contrary, this transaction ID is very predictable," he wrote in a paper describing the problem this week.
The vulnerability in BIND 9 could allow an attacker to force the DNS server to return an incorrect Web site to a user, a trick known as DNS cache poisoning, or pharming. The problem exists in all BIND 9 releases when the software is being used in a caching server configuration, Klein wrote.
Other security watchers confirmed the problem. "This is very much a feasible attack," wrote Johannes Ullrich, chief technical officer at the SANS Internet Storm Center. "Best to patch your BIND server soon."
Klein released his paper on Monday, the same day that Internet Systems Consortium issued a patch for the problem. ISC is a nonprofit company and the caretaker of BIND 9, which is used on some 80% of the DNS servers on the Internet. Trusteer said it notified ISC of the problem on May 29.
ISC advised users to install an upgrade for BIND 9 from its Web site.
The problem is particularly worrisome since desktop security software is not effective at preventing this style of attack, Klein wrote. The attack does not directly involve a user's computer or the DNS server, but rather data that is cached on the server.
Most DNS servers cache queries, or store them in memory, to improve performance. But if an attacker requests a Web address that is not stored in the server's cache, a hacker could flood the cache with false information -- such as the address of a different Web site -- which would then be returned for future DNS queries, Klein wrote.
That means a user could be directed to a fraudulent Web site, even though the user typed the correct address in their browser. The site could then try to exploit other security weaknesses in a user's PC, or trick them into providing sensitive information.
Because the transaction ID is not random and can be figured out, an attacker could execute the attack with as few as a single attempts, Klein wrote. "This is a powerful attack, as it retracts the security of BIND 9 to almost where it was over a decade ago," he said.
- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts