The RAZOR Security Team Sponsored by BindView





VLAD The Scanner

Vulnerability Information

1.  BIND weaknesses: nxt, qinv and in.named allows root compromise.

Listed by SANS as the number one security threat it is estimated that 50% of DNS servers connected to the Internet are running vulnerable versions of BIND.

Systems Effected: Any system (UNIX and Linux) running versions of BIND earlier than v.8.2.2 patch level 5/

CVE Entry: CVE-1999-0833, CVE-1999-0009

Related Entries: CVE-1999-0835, CVE-1999-0848, CVE-1999-0849, CVE-1999-0851

Details: Multiple vulnerabilities have been discovered. The first, CVE-1999-0833, has to do with the service failing to properly validate NXT records. This improper validation could allow an intruder to overflow a buffer and execute arbitrary code with the privileges of the name server. CVE-1999-0009 is an inverse name query buffer overflow.

Recommendations: BIND should be disabled on all systems that do not require the service. On machines that are required to run DNS services upgrade to the latest patch level and run BIND as a non-privileged user. It is also recommended to run BIND in a chroot()ed directory structure to protect against these and future vulnerabilities.

Additional Information:

http://www.cert.org/advisories/CA-99-14-bind.html

http://www.sans.org/topten.htm

 

Contact: info@razor.bindview.com | | Bindview Home