US-CERT VU#800113 (CVE-2008-1447)
US-CERT (the US Computer Emergency Readiness Team) has announced a vulnerability — http://www.kb.cert.org/vuls/id/800113 — that affects the version of BIND shipped with Adonis 4.x and 5.x.

US-CERT provides the following description:
"Deficiencies in the DNS protocol and common DNS implementations facilitate DNS cache poisoning attacks. […] The following are examples of these deficiencies and defects:
- Insufficient transaction ID space
- Multiple outstanding requests
- Fixed source port for generating queries"

BlueCat has released updates for Adonis v4 and v5 that upgrade the underlying BIND DNS server to the latest release published by ISC, which mitigates this issue (the patched BIND randomizes the source port of its outgoing queries instead of using a single fixed port). Customers can find instructions for downloading and applying the patch in the self-service portal or by contacting support.

To further reduce the risk associated with this issue, customers are encouraged to do one or more of the following:

1. Disable recursion
Use access control lists so that only trusted systems are allowed to perform recursive queries. If recursion is not needed on a server at all, turn it off until the system can be patched.

2. Restrict access
Administrators, particularly those who are unable to apply the patch, can limit exposure to this vulnerability by restricting which sources may ask for recursion. Note that restricting access still leaves the server exploitable by an attacker who controls, or can spoof, one of the authorized hosts.

3. Filter traffic at network perimeters
Because these attacks depend on forging the source IP address of DNS responses, administrators should filter spoofed addresses at the network perimeter. IETF Request for Comments (RFC) documents RFC 2827, RFC 3704, and RFC 3013 describe best current practices (BCPs) for implementing this defense. Understand your network's configuration and service requirements before deciding which changes are appropriate; ingress filtering on the perimeter does not stop an attacker who is already inside it.
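The following is an added example, not BlueCat's or ISC's code, showing how to check a BIND 9 named.conf for the settings that items 1 and 2 above (and the patch itself) depend on: a pinned `query-source ... port` clause, which defeats the source-port randomization of a patched BIND, and recursion left open to `any`. The three configurations embedded in the script are constructed for illustration; the `trusted` ACL name and the addresses in it are assumptions. The script only looks at explicit `allow-recursion` and `query-source` statements in the top-level `options` block and does not follow `include` files, views, or named ACL definitions, so treat a clean result as a starting point rather than proof.

```python
"""Lint a BIND 9 named.conf for VU#800113-relevant settings (added example, not vendor code)."""
import re

# Constructed sample configurations (not taken from any real Adonis system).
WEAK = """
options {
    directory "/var/named";
    // Pins the outbound port: a patched BIND still sends every query from port 53.
    query-source address * port 53;
    recursion yes;
    allow-recursion { any; };   // open resolver: anyone can trigger cache fills
};
"""

HARDENED = """
acl "trusted" { 10.0.0.0/8; 127.0.0.1; };   /* assumed internal ranges */
options {
    directory "/var/named";
    query-source address *;   /* no 'port' clause: let named randomise the port */
    recursion yes;
    allow-recursion { trusted; };
};
"""

AUTHORITATIVE_ONLY = """
options {
    directory "/var/named";
    recursion no;   # item 1: recursion not needed on this server
};
"""


def strip_comments(text):
    """Remove /* */, // and # comments so their contents cannot confuse the checks."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)


def find_block(text, name):
    """Return the body of the top-level `name { ... };` block, or '' if absent.

    Braces are matched by counting, since the options block nests ACL lists.
    """
    m = re.search(r"\b" + re.escape(name) + r"\s*\{", text)
    if not m:
        return ""
    start = m.end() - 1          # index of the opening brace
    depth = 0
    for j in range(start, len(text)):
        if text[j] == "{":
            depth += 1
        elif text[j] == "}":
            depth -= 1
            if depth == 0:
                return text[start + 1:j]
    return text[start + 1:]      # unterminated block: return what we have


def audit(conf):
    """Return a list of findings (empty list means nothing flagged)."""
    opts = find_block(strip_comments(conf), "options")
    findings = []

    # A fixed source port removes ~16 bits of entropy that the patched BIND adds.
    for m in re.finditer(r"query-source(?:-v6)?\s+([^;]*);", opts):
        port = re.search(r"\bport\s+(\S+)", m.group(1))
        if port and port.group(1) != "*":
            findings.append(
                "query-source pins port %s; drop the port clause or use 'port *'"
                % port.group(1))

    # BIND recurses by default, so the absence of 'recursion no' means it is on.
    recursion_off = re.search(r"(?<![\w-])recursion\s+no\s*;", opts)
    acl = re.search(r"\ballow-recursion\s*\{([^}]*)\}", opts)
    if not recursion_off:
        if acl is None:
            findings.append("recursion enabled with no allow-recursion ACL")
        elif re.search(r"\bany\b", acl.group(1)):
            findings.append("allow-recursion { any; } makes this an open resolver")
    return findings


if __name__ == "__main__":
    for label, conf in (("weak", WEAK), ("hardened", HARDENED),
                        ("authoritative-only", AUTHORITATIVE_ONLY)):
        print(label, "->", audit(conf) or "no findings")
```

Run it after applying the BlueCat update as well as before: the port pin in `WEAK` is exactly the kind of setting that survives an upgrade and silently keeps the server exposed.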

For information on this US-CERT vulnerability note, please refer to http://www.kb.cert.org/vuls/id/800113.

To obtain more information on correcting this BIND vulnerability, please log on to the BlueCat support portal or contact support@bluecatnetworks.com.