|
|
To print: Select File and then Print from your browser's menu
-------------------------------------------------------------- This story was printed from ZDNet Australia. --------------------------------------------------------------
|
Fears BIND flaw could trigger worm attack By Patrick Gray, 0 November 13, 2002 URL: http://www.zdnet.com.au/news/security/soa/Fears-BIND-flaw-could-trigger-worm-attack/0,130061744,120269910,00.htm
A series of security vulnerabilities have been found in the BIND domain name server (DNS) software, the most common DNS software in the world. Domain name software converts domain names such as www.example.com to numerical Internet protocol addresses, somewhat like a phonebook converting names into phone numbers. If a hacker can take control of a domain name server, they can redirect anyone who accesses that domain to a server of their choice. A security advisory released by Atlanta based company Internet Security Systems (ISS) said "The vulnerabilities described in this advisory affect nearly all currently deployed recursive DNS servers on the Internet... The DNS network is considered a critical component of Internet infrastructure..." The advisory also warns that "Since the vulnerability is widespread, an Internet worm may be developed to propagate by exploiting the flaws in BIND." The security holes effect all versions of BIND excluding version 9. Version 9 of the software is not as widely used as other releases yet, so the vast majority of DNS servers are vulnerable to attack. A destructive worm targeting domain name servers could have serious consequences. Hackers are not known to be exploiting the security flaw yet. Although a patch for the vulnerabilities have not yet been released, concerned system administrators can upgrade to BIND 9.
Copyright © 2009 CBS Interactive, a CBS Company. All Rights Reserved. |
