Serious security vulnerability in BIND 9 DNS server
August 8, 2007
Several Internet security firms are warning of a serious vulnerability in BIND 9, the software most widely used to run the Internet's DNS addressing system. Users of this software, which include ISPs and large Web hosting providers, are being advised to patch the hole immediately, in order to prevent end users from being victimized by pharming attacks, in which they are silently directed to a website set up by cyber criminals.
BIND 9, or Berkeley Internet Name Domain ver. 9, is among the most widely used software packages used on DNS (Domain Name System) servers.
When an Internet user types a Web address into a browser, the request goes to a DNS server, which looks up the corresponding numerical IP address and returns it so the browser can connect to the requested site.
As a basic protection against forged replies, every DNS query carries a 16-bit transaction ID, and a server accepts a response only if it echoes the ID of the outstanding query; the ID is supposed to be random so that an attacker cannot guess it. But according to Amit Klein, CTO (chief technology officer) at security vendor Trusteer Ltd., the transaction IDs generated by BIND 9 are not random at all and are very easy for a would-be attacker to predict.
The vulnerability in BIND 9 could allow an attacker to force the DNS server to hand out a wrong address for a website, a technique known as DNS cache poisoning; the resulting redirection of users to a fraudulent site is commonly referred to as pharming.
Klein added that the problem exists in all BIND 9 releases when the software is being used in a caching server configuration.
Other security observers also confirmed the problem.
Johannes Ullrich, chief technical officer of the SANS Internet Storm Center wrote “this is very much a feasible attack. It is best to patch and secure your BIND server as soon as conveniently possible.”
Ironically, Klein released his paper the same day that Internet Systems Consortium Inc. issued a security patch for the same problem. ISC is a nonprofit organization and the caretaker of BIND 9, which is used on about 80 percent of the DNS servers on the Internet.
ISC advised users to install an upgrade for BIND 9 from its Web site.
The problem is particularly worrisome because most desktop security software is ineffective against this style of attack, Klein wrote. The attack does not target the user's computer or the DNS server software itself, but rather the data cached on that server.
Most modern DNS servers cache the answers to queries in memory, simply to improve overall performance: a name that has been looked up once is answered from the cache until the record expires.
However, if an attacker requests a Web address that is not yet in the server's cache and then floods the server with forged responses carrying the predicted transaction ID, the false information, such as the address of a completely different Web site, is cached and returned for every subsequent query from the server's users until it expires, Klein wrote.
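The following simulation, added here as an illustration and not part of the original article or of BIND itself, shows why the predictability of the transaction ID matters for the attack described above. It models a minimal caching resolver that accepts an upstream response purely on a matching 16-bit transaction ID, then races an attacker against it twice: once when the IDs come from a hypothetical linear congruential generator (a stand-in for "predictable", deliberately not BIND 9's real algorithm, whose details the article does not give) and once when they come from the OS random number generator. The attacker first observes one ID by having the resolver look up a name whose authoritative server the attacker controls, then triggers a lookup of the victim name and fires forged responses before the genuine answer arrives. Names, addresses, generator constants and the race model are all constructed for the example; source-port matching and question-section checks are deliberately left out.

```python
"""Simulation: DNS cache poisoning against predictable vs. random 16-bit TXIDs.

Added example, not from the original article or from BIND 9. The LCG below is a
hypothetical stand-in for 'any generator whose next value follows from its last';
its constants are NOT BIND 9's.
"""
import random
import secrets

LCG_A, LCG_C, MASK16 = 25173, 13849, 0xFFFF  # hypothetical 16-bit LCG constants


class PredictableTxid:
    """TXID source whose next value is a fixed function of the previous one."""

    def __init__(self, seed):
        self.state = seed & MASK16

    def next_id(self):
        self.state = (self.state * LCG_A + LCG_C) & MASK16
        return self.state


class RandomTxid:
    """TXID source drawn from the OS CSPRNG: each value is independent of the last."""

    def next_id(self):
        return secrets.randbelow(1 << 16)


class CachingResolver:
    """Minimal caching resolver: one outstanding upstream query per name,
    responses matched on TXID only (source port / question checks ignored)."""

    def __init__(self, txid_source):
        self.txid_source = txid_source
        self.cache = {}     # qname -> cached rdata
        self.pending = {}   # qname -> TXID of the outstanding upstream query

    def resolve(self, qname):
        """Return None on a cache hit, else send an upstream query and return its TXID."""
        if qname in self.cache:
            return None  # nothing to poison: no query goes out for a cached name
        txid = self.txid_source.next_id()
        self.pending[qname] = txid
        return txid

    def accept_response(self, txid, qname, rdata):
        """Cache a response only if it echoes the outstanding query's TXID."""
        if self.pending.get(qname) != txid:
            return False
        self.cache[qname] = rdata
        del self.pending[qname]  # first matching answer wins; later ones are dropped
        return True


def guesses_against_lcg(observed_txid, budget):
    """Attacker who knows the generator: the next TXID is computed exactly."""
    return [(observed_txid * LCG_A + LCG_C) & MASK16]


def guesses_against_random(observed_txid, budget):
    """Attacker with no model of the generator: spray `budget` distinct guesses."""
    return random.sample(range(1 << 16), budget)


def poisoning_race(txid_source, guesser, trials=200, budget=1):
    """Run `trials` independent races and return how many poisoned the cache.

    Each race starts with an empty cache (in reality the attacker waits for the
    victim record's TTL to expire before trying again, as the article notes).
    """
    poisoned = 0
    victim, forged_ip, real_ip = "www.bank.example", "198.51.100.66", "192.0.2.10"
    for i in range(trials):
        resolver = CachingResolver(txid_source)
        # Step 1: observe a TXID via a name whose authoritative server we run.
        probe = f"probe{i}.attacker.example"
        observed = resolver.resolve(probe)
        resolver.accept_response(observed, probe, "203.0.113.9")
        # Step 2: trigger a lookup of the victim name. The attacker never sees
        # this TXID; it is kept only to deliver the legitimate answer below.
        real_txid = resolver.resolve(victim)
        # Step 3: forged responses arrive before the genuine one.
        for guess in guesser(observed, budget):
            resolver.accept_response(guess, victim, forged_ip)
        # Step 4: the legitimate answer arrives; it is dropped if already poisoned.
        resolver.accept_response(real_txid, victim, real_ip)
        if resolver.cache[victim] == forged_ip:
            poisoned += 1
    return poisoned


if __name__ == "__main__":
    weak = poisoning_race(PredictableTxid(seed=0x1234), guesses_against_lcg)
    strong = poisoning_race(RandomTxid(), guesses_against_random, budget=100)
    print(f"predictable TXID, 1 forged packet per race:  {weak}/200 poisoned")
    print(f"random TXID, 100 forged packets per race:     {strong}/200 poisoned")
```

Against the predictable generator a single forged packet per race wins every time, because one observed ID gives the attacker the next one outright. Against a random ID, each forged packet has a 1 in 65,536 chance, so even 100 packets per race succeed only about 0.15% of the time; that difference is the entire value of the 16-bit ID, and it is exactly what a predictable generator throws away.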
Source: IT World Canada