[VIM] Recent HP advisories outline BIND problems

Steven M. Christey coley at mitre.org
Thu Feb 16 01:26:00 EST 2006


An update to an HP advisory provided more details on the issue, where
they originally had been extremely vague.

It quotes the ISC web page as saying:

  "BIND4/BIND8 Unsuitable for Forwarder Use... If a nameserver -- any
   nameservEr, whether BIND or otherwise -- is configured to use
   'forwarders', then none of the target forwarders can be running
   BIND4 or BIND8. Upgrade all nameservers used as 'forwarders' to
   BIND9. There is a current, wide scale Kashpureff-style DNS cache
   corruption attack which depends on BIND4 and BIND8 as 'forwarders'
   targets."

This turns out to be related to some series of attacks that took place
in April 2005 and further exposed by Dan Kaminsky in August:

  http://computerworld.com/networkingtopics/networking/story/0,10801,103744,00.html

So it's been publicly known for  a while.

Just FYI in case I'm not the only person who missed all this when it
first happened ;-)

- Steve


More information about the VIM mailing list