[SECURITY-L] * Importante * CAIS-Alerta: Multiplas Vulnerabilidades no BIND4 e BIND8

Qua Nov 13 10:55:46 -02 2002

----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca <cais em cais.rnp.br> -----

From: Centro de Atendimento a Incidentes de Seguranca <cais em cais.rnp.br>
Subject: CAIS-Alerta: Multiplas Vulnerabilidades no BIND4 e BIND8
To: <rnp-alerta em cais.rnp.br>, <rnp-seg em cais.rnp.br>
Date: Wed, 13 Nov 2002 10:41:32 -0200 (EDT)

-----BEGIN PGP SIGNED MESSAGE-----

Prezados,

O CAIS esta' repassando o alerta divulgado pela ISS, Internet Security
Systems, entitulado "Multiple Remote Vulnerabilities in BIND4 and BIND8",
tratando da identificacao de tres vulnerabilidades em versões do BIND4 e
BIND8. A exploracao de tais vulnerabilidades pode permitir ataques de
negação de serviço, ou ainda, a execução de código arbitrário remotamente,
em servidores DNS vulneraveis.

Sistemas afetados:

As versoes a seguir são afetadas pela vulnerabilidade "SIG Cached RR
Overflow" (CAN-2002-1219):

    BIND 8: as versões até e inclusive a 8.3.3-REL
    BIND 4: as versões até e inclusive a 4.9.10-REL

As versoes abaixo, são afetadas pela vulnerabilidade "BIND OPT DoS"
(CAN-2002-1220):

    BIND 8: as versões 8.3.0 até e inclusive a 8.3.3-REL

E as seguintes versões são afetadas pela vulnerabilidade "BIND SIG Expiry
Time DoS" (CAN-2002-1221):

    BIND 8: as versões até e inclusive a 8.3.3-REL

Correcoes disponiveis:

Recomenda-se a atualização para as seguintes versões do BIND:
4.9.11, 8.2.7, 8.3.4 ou BIND9, ressaltando que o BIND9 não é afetado por
nenhuma das vulnerabilidades mencionadas neste alerta.

Maiores detalhes sobre as versões recomendadas para atualização, estão
disponíveis em:
	http://www.isc.org/products/BIND/bind-security.html

Maiores informacoes:

	http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469

Identificadores do CVE:  CAN-2002-1219, CAN-2002-1220,
			 CAN-2002-1221  (http://cve.mitre.org)

O CAIS recomenda fortemente aos administradores que mantenham seus
sistemas e aplicativos sempre atualizados.

Atenciosamente,

################################################################
#   CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA / RNP      #
#                                                              #
# cais em cais.rnp.br     http://www.cais.rnp.br                  #
# Tel. 019-37873300    Fax. 019-37873301                       #
# Chave PGP disponivel em: http://www.cais.rnp.br/cais-pgp.key #
################################################################

Internet Security Systems Security Brief
November 12, 2002

Multiple Remote Vulnerabilities in BIND4 and BIND8

Synopsis:

ISS X-Force has discovered several serious vulnerabilities in the Berkeley
Internet Name Domain Server (BIND). BIND is the most common implementation of
the DNS (Domain Name Service) protocol, which is used on the vast majority of
DNS servers on the Internet. DNS is a vital Internet protocol that maintains
a database of easy-to-remember domain names (host names) and their
corresponding numerical IP addresses.

Impact:

The vulnerabilities described in this advisory affect nearly all currently
deployed recursive DNS servers on the Internet. The DNS network is considered
a critical component of Internet infrastructure. There is no information
implying that these exploits are known to the computer underground, and there
are no reports of active attacks. If exploits for these vulnerabilities are
developed and made public, they may lead to compromise and DoS attacks against
vulnerable DNS servers. Since the vulnerability is widespread, an Internet
worm may be developed to propagate by exploiting the flaws in BIND. Widespread
attacks against the DNS system may lead to general instability and inaccuracy
of DNS data.

Affected Versions:

BIND SIG Cached RR Overflow Vulnerability

	BIND 8, versions up to and including 8.3.3-REL
	BIND 4, versions up to and including 4.9.10-REL

BIND OPT DoS

	BIND 8, versions 8.3.0 up to and including 8.3.3-REL

BIND SIG Expiry Time DoS

	BIND 8, versions up to and including 8.3.3-REL

For the complete ISS X-Force Security Advisory, please visit:
http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469

______

About Internet Security Systems (ISS) Founded in 1994, Internet Security
Systems (ISS) (Nasdaq: ISSX) is a pioneer and world leader in software
and services that protect critical online resources from an ever-
changing spectrum of threats and misuse. Internet Security Systems is
headquartered in Atlanta, GA, with additional operations throughout the
Americas, Asia, Australia, Europe and the Middle East.

Permission is hereby granted for the electronic redistribution of this
document. It is not to be edited or altered in any way without the
express written consent of the Internet Security Systems X-Force. If you
wish to reprint the whole or any part of this document in any other
medium excluding electronic media, please email xforce em iss.net for
permission.

Disclaimer: The information within this paper may change without notice.
Use of this information constitutes acceptance for use in an AS IS
condition. There are NO warranties, implied or otherwise, with regard to
this information or its use. Any use of this information is at the
user's risk. In no event shall the author/distributor (Internet Security
Systems X-Force) be held liable for any damages whatsoever arising out
of or in connection with the use or spread of this information.

X-Force PGP Key available on MIT's PGP key server and PGP.com's key
server, as well as at http://www.iss.net/security_center/sensitive.php

Please send suggestions, updates, and comments to: X-Force
xforce em iss.net of Internet Security Systems, Inc.

[SECURITY-L] *** Importante *** CAIS-Alerta: Multiplas Vulnerabilidades no BIND4 e BIND8

[SECURITY-L] * Importante * CAIS-Alerta: Multiplas Vulnerabilidades no BIND4 e BIND8