OpenBSD Journal

y BIND4/8 Vulnerabilities

Contributed by jose on from the name-daemon dept.

ISS XForce has found that the name service deamon BIND from ISC has two remote vulnerabilities. Exploit of the holes allow an attacker to run arbitrary commands on the server (not sure at what priviledge level at this time). According to ISC and ISS this vulnerability can be mitigated by disabling recursion on your name server. BIND4, is the name daemon OpenBSD ships with by default. BIND8 is in ports. BIND9, which is also in ports, does not appear to be vulnerable to this attack according to ISS and ISC.

No know patches are available at this time. According to Todd Miller, OpenBSD appears vulnerable , though mitigated by the use of a chroot environment. However, it's probably worth protecting yourself with systrace (a default named policy is shipped) or disabling recursion if possible. A patch will be available for OpenBSD after one is developed by ISC.

(Comments are closed)


Comments
  1. By Noob () on

    I just looked at the Current source and it looks like they just made a change in named. I'm guessing that an errata patch and stable update may be coming soon.

    I'm very thankful that OpenBSD is the kind of secure operating system where I can have an exploitable process running, and yet feel secure using the tools provided (chroot,systrace,pf). I even went ahead and placed the:

    options no-recursion

    in my /var/named/named.boot
    just to be on the safe side. ;-)

    Thanks again!

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]