November 28th, 2001, 04:09 PM
I dont know alot about *.nix security but i thought this may be informative for some of you. It's an article i've read from SANS.org about the weaknesses in BIND.
BIND weaknesses: nxt, qinv and in.named allow immediate root compromise.
The Berkeley Internet Name Domain (BIND) package is the most widely used implementation of Domain Name Service (DNS) -- the critical means by which we all locate systems on the Internet by name (e.g., www.sans.org) without having to know specific IP addresses -- and this makes it a favorite target for attack. Sadly, according to a mid-1999 survey, about 50% of all DNS servers connected to the Internet are running vulnerable versions of BIND. In a typical example of a BIND attack, intruders erased the system logs, and installed tools to gain administrative access. They then compiled and installed IRC utilities and network scanning tools, which they used to scan more than a dozen class-B networks in search of additional systems running vulnerable versions of BIND. In a matter of minutes, they had used the compromised system to attack hundreds of remote systems abroad, resulting in many additional successful compromises. This illustrates the chaos that can result from a single vulnerability in the software for ubiquitous Internet services such as DNS.
Multiple UNIX and Linux systems
As of May 22, 2000, any version earlier than BIND v.8.2.2 patch level 5 is vulnerable.