Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] DNS vulnerability announced by NISCC today




http://isc.sans.org/diary.php?n&storyid=1290
DNS vulnerability announced by NISCC today (NEW)
Published: 2006-04-25,
Last Updated: 2006-04-25 23:45:13 UTC by donald smith (Version: 1)

NISCC has published an advisory about a potential DNS vulnerability
today: http://www.niscc.gov.uk/niscc/docs/br-20060425-00311.html

These issues were discovered by use of the Oulu University Secure
Programming Group's new PROTOS test-suite c09-dns. This tool is not
currently public.

Their abstract (aka description) states:
"Abstract: The vulnerabilities described in this advisory affect
implementations of the Domain Name System (DNS) protocol. Many vendors
include support for this protocol in their products and may be impacted
to varying degrees, if at all."

Notice they state "affect implementations", which implies it is not a
vulnerability in the basic DNS protocol; rather, it is an issue in how
some of the vendors implemented that protocol.

This link has a list of vendors who have responded with vulnerability
information so far.
http://www.niscc.gov.uk/niscc/docs/re-20060425-00312.pdf?lang=en 

Not many vendors provided vulnerability details on their products.

The Internet Software Consortium (http://isc.org/), authors of BIND,
provided a detailed response. Juniper Networks
(http://www.juniper.net/), Delegate (http://www.delegate.org/) and pdnsd
(http://www.phys.uu.ne/~rombouts/) also provided specific details. In
each case the impact appears to be DOS, not a remote code execution.

Hitachi and Wind River state that they believe they are not vulnerable.

Microsoft, Sun and Ethereal all reported that they are reviewing or
testing for these issues.

 

PATCHES
ISC (BIND), MyDNS, Juniper Networks, pdnsd all announced
vulnerabilities.
All but ISC have released patches or upgrades for them.


ISC has not released a patch, but based on their analysis their
vulnerability is a very low risk. It appears to be based on a
malformed 2nd tsig packet. If you understand tsig you understand why
this should not be much of a threat, as they have already established a
trust relationship.

The pdnsd maintainer, Paul A Rombouts, recommends upgrading to version
1.2.4 or later of pdnsd. http://www.phys.uu.nl/~rombouts/pdnsd.html
 

MyDNS 1.1.0 has a fix for a "query-of-death" DOS and can be found here:
http://mydns.bboy.net

Juniper Networks has several upgrade options for their e-series routers,
which are the only routers mentioned as having a vulnerability. You may
need a Juniper Networks account to get access to those updates.
According to the vendor document above, "The issue was resolved in the
following JUNOSe updates: 5-3-5p0-2, 6-0-3p0-6, 6-0-4, 6-1-3p0-1,
7-0-1p0-7, 7-0-2, 7-1-0p0-1, 7-1-1. Later JUNOSe releases are
unaffected."



 




Copyright © Lexa Software, 1996-2009.