---

SecurityFocus: BIND holes mean big trouble

“Serious new security holes have been found in the ubiquitous
BIND name server program, the worst of which jeopardize hundreds of
thousands of computers and make key elements of the Internet’s
infrastructure vulnerable to hack attacks, according to a Monday
morning advisory from the Computer Emergency Response Team
(CERT).”

“The advisory documents four vulnerabilities in BIND, including
two buffer overflows that could allow attackers to remotely gain
unrestricted access to machines running the program, which comes
installed in a dozen different vendor flavors of Unix and Linux.
“Because the majority of name servers in operation today run
BIND, these vulnerabilities present a serious threat to the
Internet infrastructure,”
reads the advisory.”

“California security company Network Associates Inc. (NAI)
discovered the buffer overflows in December, and notified the
Internet Software Consortium (ISC), which maintains BIND. Upgrades
that eliminate the holes are now available from some vendors, and
directly from the ISC, which spent the weekend quietly urging
network operators to upgrade in advance of Monday’s
announcement.”


Complete Story

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis