Vulnerability Assessment & Network Security Forums
If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.
Vulnerability Assessment Details
Detailed Explanation for this Vulnerability Assessment
[Bind version 9, the bind9 package, is not affected by these problems.]
ISS X-Force has discovered several serious vulnerabilities in the Berkeley
Internet Name Domain Server (BIND). BIND is the most common implementation
of the DNS (Domain Name Service) protocol, which is used on the vast
majority of DNS servers on the Internet. DNS is a vital Internet protocol
that maintains a database of easy-to-remember domain names (host names) and
their corresponding numerical IP addresses.
Circumstantial evidence suggests that the Internet Software Consortium
(ISC), maintainers of BIND, was made aware of these issues in mid-October.
Distributors of Open Source operating systems, including Debian, were
notified of these vulnerabilities via CERT about 12 hours before the release
of the advisories on November 12th. This notification did not include any
details that permited us to identify the vulnerable code, much less prepare
Unfortunately ISS and the ISC released their security advisories with only
descriptions of the vulnerabilities, without any patches. Even though there
were no signs that these exploits are known to the black-hat community, and
there were no reports of active attacks, such attacks could have been
developed in the meantime - with no fixes available.
We can all express our regret at the inability of the ironically named
Internet Software Consortium to work with the Internet community in handling
this problem. Hopefully this will not become a model for dealing with
security issues in the future.
The Common Vulnerabilities and Exposures (CVE) project identified the
These problems have been fixed in version 8.3.3-2.0woody1 for the current
stable distribution (woody), in version 8.2.3-0.potato.3 for the previous stable
distribution (potato) and in version 8.3.3-3 for the unstable distribution
(sid). The fixed packages for unstable will enter the archive today.
We recommend that you upgrade your bind package immediately, update to
bind9, or switch to another DNS server implementation.
Solution : http://www.debian.org/security/2002/dsa-196
Network Security Threat Level: High
Networks Security ID: 6159, 6160, 6161
Vulnerability Assessment Copyright: This script is (C) 2005 Michel Arboi
|HP DL380 G9 8-Core Server 1x E5-2640 v3 2.6GHz 32GB 4x 300GB 15K SAS Rails
|HP DL380 G9 16-Core Server 2x E5-2630 v3 2.4GHz 128GB 8x 146GB 15K SAS P440ar
|HP DL380 G9 16-Core Server 2x E5-2630 v3 2.4GHz 64GB 8x 900GB SAS P440ar Rails
|HP DL380 G9 16-Core Server 2x E5-2630 v3 2.4GHz 32GB 8x 146GB 15K P440ar Rails
No Discussions have been posted on this vulnerability.