
Date:  Thu, 26 Jul 2007 22:14:06 +0100
From:  "Richard Owen" <richard (at mark) pelicanit.co.uk>
Subject:  [coba-e:10453] Re: Bind 9 security issue CVE-2007-2926
To:  <coba-e (at mark) bluequartz.org>
Message-Id:  <!&!AAAAAAAAAAAYAAAAAAAAALCkVKWJsdMRhRQAYGMB3kjCowAAEAAAAON+DQZIfXRGjcAzVP1OWr0BAAAAAA== (at mark) pelicanit.co.uk>
In-Reply-To:  <200707262109.22302.bq (at mark) solarspeed.net>
References:  <200707262109.22302.bq (at mark) solarspeed.net>
X-Mail-Count: 10453

 
Thanks for the info 

Very much appreciated

Richard

-----Original Message-----
From: Michael Stauber [mailto:bq (at mark) solarspeed.net] 
Sent: 26 July 2007 20:09
To: Blue Quartz
Subject: [coba-e:10452] Bind 9 security issue CVE-2007-2926

Hi all,

There is an updated Bind9 RPM on the CentOS + BlueQuartz YUM repository.

Anyone who is running a DNS server on his BlueQuartz should urgently run
"yum update" and install the updated Bind 9 RPM - if your server hasn't
already fetched it automatically last night.

The updated and therefore fixed Bind 9 RPMs have the following version
numbers:

bind-utils-9.2.4-27.0.1.el4
bind-libs-9.2.4-27.0.1.el4
bind-9.2.4-27.0.1.el4
bind-chroot-9.2.4-27.0.1.el4

More information on the problem:

http://isc.sans.org/diary.html?storyid=3181

The problem with the vulnerable Bind 9 is quite severe. Basically an
attacker can poison your DNS cache quite easily and can therefore redirect
traffic to other hosts than the ones you (or your users) intended to go to.
Turning off DNS caching prevents this, but for many users this isn't an
option.

Poisoning should usually be very difficult, because it should be next to
impossible to guess or interpolate the correct 16-bit transaction ID, as
there are more than 65000 different combinations possible.

However, the Bind programmers screwed up and an attacker just has to do one
query, check the transaction ID and interpolate three of the 16 bits to
guess the next valid transaction ID. Three bits boils down to 10 possible
combinations, so it can be brute-forced easily.

--
With best regards,

Michael Stauber
http://www.solarspeed.net


--
This message has been scanned for viruses and dangerous content by
MailScanner, and is believed to be clean.
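
Added example (not part of the original messages): a shell check that compares "rpm -q" style output against the fixed version-release listed above. The function names and the sample input are constructed for illustration, and ordering relies on GNU "sort -V", which only approximates RPM's own version comparison.

```shell
#!/usr/bin/env bash
# Added example: flag BIND packages older than the fixed builds named in
# the advisory. Ordering uses GNU `sort -V` (assumption: close enough to
# RPM's comparison for these version strings).

FIXED_VR="9.2.4-27.0.1.el4"                      # version-release from the advisory
BIND_PKGS="bind bind-libs bind-utils bind-chroot"

# vr_at_least A B: succeeds when version-release A sorts at or after B.
vr_at_least() {
    [ "$1" = "$2" ] && return 0
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# check_bind_rpms: reads NAME-VERSION-RELEASE lines on stdin, prints one
# status line per BIND package found, returns 1 if any predates the fix.
check_bind_rpms() {
    local line vr pkg rc=0
    while IFS= read -r line; do
        line="${line%.i386}"; line="${line%.x86_64}"   # drop optional arch suffix
        for pkg in $BIND_PKGS; do
            # Require a digit after the name so "bind" does not match "bind-libs-..."
            case "$line" in
                "$pkg"-[0-9]*)
                    vr="${line#"$pkg"-}"
                    if vr_at_least "$vr" "$FIXED_VR"; then
                        echo "OK       $pkg $vr"
                    else
                        echo "OUTDATED $pkg $vr (need >= $FIXED_VR)"
                        rc=1
                    fi ;;
            esac
        done
    done
    return $rc
}

# Constructed sample input, not output from a real server.
SAMPLE_MIXED='bind-9.2.4-27.0.1.el4
bind-libs-9.2.4-24.el4
bind-utils-9.2.4-27.0.1.el4
package bind-chroot is not installed'

# On a live system:
#   rpm -q bind bind-libs bind-utils bind-chroot | check_bind_rpms
```

A non-zero return means at least one installed BIND package is older than the fixed build and "yum update" still needs to be run.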

