'

BIND bug opens domain name servers to attack

A flaw in BIND, a widely used software for locating Internet servers, could allow hackers to take companies' Web sites offline

Researchers have discovered a flaw in widely used software for locating Internet servers, which could allow the software to be shut down by hackers or even by accident. Such a shutdown would keep Web browsers, for example, from being able to locate Web sites.

CERT, an Internet security advisory service, on Tuesday warned that the flaw affects Domain Name System (DNS) servers running version 9 of Berkeley Internet Name Domain (BIND) prior to version 9.2.1. Version 9.2.1 is BIND's current release. "Because the normal operation of most services on the Internet depends on the proper operation of DNS servers, other services could be affected if this vulnerability is exploited," wrote CERT's Ian Finlay in a statement.

The exploit allows a hacker to send a DNS packet designed to trigger an internal consistency check and shut down the server. CERT said that it is also possible to accidentally trigger the vulnerability using common queries found in routine operations.

BIND is used by most companies to identify the domain to which each of their Internet servers belong. For example, a surfer who would like to go to PGP Security's Web site would type "www.pgp.com", but if the company's DNS servers were not available, the surfer's browser wouldn't know where to send the request.

Microsoft's Web sites were unavailable for four days early last year partly due to DNS problems.

CERT said that although the vulnerability can lead to a server shutdown, it does not allow hackers to execute arbitrary code or write data to arbitrary locations in the server's memory. The organisation recommends upgrading to BIND 9.2.1 or applying a vendor-supplied patch.

Many servers do not ship with BIND 9, and would therefore not be vulnerable unless the software were installed separately. Among those that were confirmed as running vulnerable versions of BIND 9 out of the box were Caldera's Open UNIX, some Hewlett-Packard products, Mandrake Linux 8.x, Red Hat Linux 7.1, 7.2 and 7.3, and all currently supported SuSE Linux distributions.

CNET News.com's Robert Lemos contributed to this report.


For all security-related news, including updates on the latest viruses, hacking exploits and patches, check out ZDNet UK's Viruses and Hacking News Section.

Have your say instantly, and see what others have said. Go to the Security forum.

Let the editors know what you think in the Mailroom.