
Date:  Thu, 26 Jul 2007 15:01:34 -0700
From:  "Ken Marcus - Precision Web Hosting, Inc." <kenmarcus (at mark) precisionweb.net>
Subject:  [coba-e:10454] Re: Bind 9 security issue CVE-2007-2926
To:  <coba-e (at mark) bluequartz.org>
Message-Id:  <116001c7cfd0$886a8d20$6700a8c0@OfficeKen>
References:  <200707262109.22302.bq (at mark) solarspeed.net>
X-Mail-Count: 10454


----- Original Message ----- 
From: "Michael Stauber" <bq (at mark) solarspeed.net>
To: "Blue Quartz" <coba-e (at mark) bluequartz.org>
Sent: Thursday, July 26, 2007 12:09 PM
Subject: [coba-e:10452] Bind 9 security issue CVE-2007-2926


> Hi all,
>
> there is an updated Bind9 RPM on the CentOS + BlueQuartz YUM repository.
>
> Anyone who is running a DNS server on his BlueQuartz should urgently run
> "yum update" and install the updated Bind 9 RPM - if your server hasn't
> already fetched it automatically last night.
>
> The updated and therefore fixed Bind 9 RPMs have the following version
> numbers:
>
> bind-utils-9.2.4-27.0.1.el4
> bind-libs-9.2.4-27.0.1.el4
> bind-9.2.4-27.0.1.el4
> bind-chroot-9.2.4-27.0.1.el4
>
> More information on the problem:
>
> http://isc.sans.org/diary.html?storyid=3181
>
> The problem with the vulnerable Bind 9 is quite severe. Basically an attacker
> can poison your DNS cache quite easily and can therefore redirect traffic to
> other hosts than the ones you (or your users) intended to go to. Turning off
> DNS caching prevents this, but for many users this isn't an option.
>
> Poisoning should usually be very difficult, because it should be next to
> impossible to guess or interpolate the correct 16-bit transaction ID, as
> there are more than 65000 different combinations possible.
>
> However, the Bind programmers screwed up and an attacker just has to do one
> query, check the transaction ID and interpolate three of the 16 bits to guess
> the next valid transaction ID. Three bits boils down to 10 possible
> combinations, so it can be brute-forced easily.
>
> -- 
> With best regards,
>
> Michael Stauber
> http://www.solarspeed.net

Michael,


In updating one of my servers I get:
xorg-x11-xfs-6.8.2-1.EL.1 100% |=========================| 264 kB    00:00
---> Package xorg-x11-xfs.i386 0:6.8.2-1.EL.19 set to be updated
--> Running transaction check
--> Processing Dependency: /usr/bin/ttmkfdir for package: xorg-x11-xfs
--> Processing Dependency: xorg-x11-libs = 6.8.2-1.EL.19 for package: 
xorg-x11-xfs
--> Restarting Dependency Resolution with new changes.
--> Populating transaction set with selected packages. Please wait.
---> Package ttmkfdir.i386 0:3.0.9-20.el4 set to be updated
--> Running transaction check
--> Processing Dependency: xorg-x11-libs = 6.8.2-1.EL.19 for package: 
xorg-x11-xfs
--> Finished Dependency Resolution
Error: Missing Dependency: xorg-x11-libs = 6.8.2-1.EL.19 is needed by 
package xorg-x11-xfs


Anyone have any ideas on how to fix this?


For now I just did a
yum update bind
which seems to update it.


----
Ken Marcus
Ecommerce Web Hosting by
Precision Web Hosting, Inc.
http://www.precisionweb.net
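As an added example (not from the thread), a check that the installed BIND RPMs on a host are at or above the fixed 9.2.4-27.0.1.el4 build Michael lists, using a simplified rpm version comparison; the `rpm -qa --qf` query and the CentOS 4 host are assumptions, and the sample output is constructed.

```python
import re
import subprocess

# Fixed version-release named in the quoted message (same for all four RPMs).
FIXED = {n: "9.2.4-27.0.1.el4" for n in ("bind", "bind-libs", "bind-utils", "bind-chroot")}
_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Simplified rpm version comparison (no tilde/caret handling): split into
    digit and letter runs; numeric runs compare numerically, letter runs
    lexically, and a numeric run counts as newer than a letter run."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        elif x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(installed, fixed):
    """Compare 'version-release' strings: version decides, then release."""
    iv, ir = installed.rsplit("-", 1)
    fv, fr = fixed.rsplit("-", 1)
    return rpmvercmp(iv, fv) or rpmvercmp(ir, fr)

def parse_rpm_output(text):
    """Parse 'NAME VERSION-RELEASE' lines (one package per line) into a dict."""
    return dict(line.split(None, 1) for line in text.splitlines() if line.strip())

def vulnerable_packages(installed):
    """Names of installed BIND packages older than the fixed build."""
    return sorted(n for n, vr in installed.items()
                  if n in FIXED and evr_cmp(vr, FIXED[n]) < 0)

def query_rpm():
    """Query the local rpm database (a CentOS 4 / BlueQuartz host is assumed)."""
    out = subprocess.run(["rpm", "-qa", "--qf", "%{NAME} %{VERSION}-%{RELEASE}\n", "bind*"],
                         capture_output=True, text=True, check=True).stdout
    return parse_rpm_output(out)

# Constructed sample output: two packages still on an older, made-up release.
SAMPLE_RPM_OUTPUT = """bind-libs 9.2.4-27.0.1.el4
bind-utils 9.2.4-24.el4
bind 9.2.4-24.el4
bind-chroot 9.2.4-27.0.1.el4
"""
```

On a live host, `vulnerable_packages(query_rpm())` returns the package names that still need `yum update bind` (or the full update) applied.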