ISS scanner and BIND 9 (AUTHORS.BIND)

Bischof, Ralph Ralph.Bischof at nasa.gov
Tue Feb 7 14:36:03 UTC 2006


Hello,

	I have a 9.3.1 build of BIND running on a Red Hat Enterprise
Linux ES4 system. I *must* use the ISS scanner (http://www.iss.net/) to
discover and mitigate any vulnerabilities on the system before I can
connect it to the network. When I ran a scan of my box, I found the
below Medium vulnerability that I need to do something about.

Vulnerability Details:
M BindHostnameDisclosure: BIND hostname disclosure
BIND (the Berkeley Internet Name Daemon) is the Domain Name Service for
Unix systems. BIND versions 9.0 and later could allow a remote attacker
to obtain sensitive information. By sending a specially-crafted DNS
query for the record AUTHORS.BIND, a remote attacker may learn the BIND
software version and the hostname of the DNS server. This information
could be helpful in launching further attacks.
Remedy:
No remedy available as of January 2005.

	I know I use the "version" named.conf statement with BIND8 to
hide the version. Would it also help to put this statement in with my
BIND9 build? Something like...

options {
	version "unknown";
};

	I appreciate any help! If it's not possible to mitigate this
through the configuration, I am thinking that I can make a definitive
argument that I *already* advertise the hostname of the server to the
Internet public; therefore it's a non-issue.

Thank you,
--
Ralph F. Bischof, Jr.
Any opinion within this communication is not necessarily that of NASA.
PGP Key - http://pgpkeys.hq.nasa.gov
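A small checker for the CHAOS-class records this scanner finding is about, added here as an illustration and not part of the original post or of BIND itself. It builds raw wire-format TXT/CH queries for version.bind, hostname.bind, authors.bind and id.server (the names served from BIND 9's built-in "bind." zone) and decodes the TXT answers, so after editing named.conf you can confirm from another host what the server still discloses. It assumes Python 3 and UDP reachability of the server; the two embedded responses are constructed samples, not captures from a real server.

```python
import socket, struct

# Names served from BIND 9's built-in "bind." CHAOS zone; scanners probe these.
CHAOS_NAMES = ["version.bind", "hostname.bind", "authors.bind", "id.server"]

def build_query(name, qid=0x1234):
    """Wire-format query: QTYPE=TXT (16), QCLASS=CH (3), recursion not requested."""
    header = struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 16, 3)

def skip_name(msg, off):
    """Offset just past a domain name (labels end with 0 or a 2-byte pointer)."""
    while msg[off] != 0 and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] & 0xC0 == 0xC0 else 1)

def parse_txt(msg):
    """Return (rcode, [TXT strings]) from a DNS response message."""
    _qid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off, texts = 12, []
    for _ in range(qd):                       # skip the question section
        off = skip_name(msg, off) + 4
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
        if rtype == 16:                       # TXT: sequence of <len><bytes>
            p = 0
            while p < len(rdata):
                texts.append(rdata[p + 1:p + 1 + rdata[p]].decode(errors="replace"))
                p += 1 + rdata[p]
    return flags & 0xF, texts

def check_server(host, port=53, timeout=2.0):
    """Query each CHAOS name; a non-empty list means the server disclosed it."""
    found = {}
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        for name in CHAOS_NAMES:
            s.sendto(build_query(name), (host, port))
            found[name] = parse_txt(s.recv(512))[1]
    return found

# Constructed sample responses (not captures): one discloses "9.3.1", one is NXDOMAIN.
SAMPLE_DISCLOSED = (b"\x12\x34\x84\x00\x00\x01\x00\x01\x00\x00\x00\x00"
                    b"\x07version\x04bind\x00\x00\x10\x00\x03"
                    b"\xc0\x0c\x00\x10\x00\x03\x00\x00\x00\x00\x00\x06\x059.3.1")
SAMPLE_HIDDEN = (b"\x12\x34\x84\x03\x00\x01\x00\x00\x00\x00\x00\x00"
                 b"\x07version\x04bind\x00\x00\x10\x00\x03")
```

Run `check_server("<your-server-ip>")` against your own box before and after the named.conf change; any name that still comes back with text is what the scanner will keep reporting.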