
Upgrade bug causes awkward BIND

For some users


A small number of users upgrading their Domain Name System (DNS) servers to guard against a major exploit in BIND have become entangled in a denial of service issue.

The problem in updating from BIND (Berkeley Internet Name Domain) 4.9.x or 8.2.x to 9.1.0 is more a case of getting your hair singed than of jumping from the frying pan into the fire. This is because the DoS problem, though irritating, is much less serious than the earlier flaw.

On updating to BIND 9.1.0, some BSD users have experienced intermittent failures when running nmap.

Deri Jones, security services director at security testing specialists NTA Monitor, said: "The root cause appears to be a flaw in certain operating systems only, and the cause is the kernel returning a routine successfully but without in fact setting the right parameters."

"This is a small issue, involving low level kernel stuff, and shouldn't put people off upgrading their DNS software," he added.

According to postings on the security mailing list BugTraq, the issue has been reported by Free-, Open- and NetBSD sites, and "some Linux users".

When BIND 9.1.1 is released it will include a workaround so that such kernel flaws do not stop BIND working.

BIND is an open-source software program which has become the de facto standard for DNS servers on the Internet. Around 80 per cent of DNS servers run BIND.

In January, a notice outlining a series of severe security problems with BIND was posted by CERT. The advisory documents four vulnerabilities in BIND, including two buffer overflows that could allow attackers to remotely gain unrestricted access to machines running the program. ®

External link:
NTA Monitor

Related stories

BIND holes mean big trouble on the Net
Plan to charge for BIND security info
McHackers use DNS exploit to poke fun
Microsoft outsources some DNS servers to Linux
