BIND9, ISS and AUTHORS.BIND

Bischof, Ralph Ralph.Bischof at nasa.gov
Tue Feb 14 21:33:29 UTC 2006


Hello Bill and all, 

> -----Original Message-----
> From: bind-users-bounce at isc.org 
> [mailto:bind-users-bounce at isc.org] On Behalf Of Bill Larson
> Sent: Wednesday, February 08, 2006 10:48 PM
> To: comp-protocols-dns-bind at isc.org
> Subject: Re: BIND9, ISS and AUTHORS.BIND

> At
> http://documents.iss.net/literature/InternetScanner/reports/Line_Mgmt_Host_Vulnerability_Summary_Report.pdf,
> there is an example of the report that the ISS scanner produces.  In
> particular, the example given identifies "BIND servers can be
> remotely queried for their version", and the associated
> severity of this discovery is listed as "low" (not medium).

Actually, that is a different check than the one I originally posted.
You are correct, BindVrs is a low. BindHostnameDisclosure is a BIND9
check that is a Medium. See below...

Vulnerability Details:

M BindHostnameDisclosure: BIND hostname disclosure
BIND (the Berkeley Internet Name Daemon) is the Domain Name Service for
Unix systems. BIND versions 9.0 and later could allow a remote attacker
to obtain sensitive information. By sending specially-crafted DNS query
for the record AUTHORS.BIND a remote attacker may learn the BIND software
version and the hostname of the DNS server. This information could be
helpful in launching further attacks.
Remedy:
No remedy available as of January 2005.

L bindvrs: BIND servers can be remotely queried for their version numbers
BIND (Berkeley Internet Name Domain) servers support the ability to be
remotely queried for their version numbers. An attacker could use this
feature to query computers for vulnerable versions of BIND. This
information could be useful to an attacker in performing an attack.
Remedy:
Disable the BIND version query feature. Refer to the BIND documentation
for information on this procedure.
 
> Then again, maybe this person shouldn't be trying to provide 
> any network services, including DNS services.  Remember that 
> the original poster is working for a US Government organization.

NASA has a public presence to the Internet community and the world.
Please see http://www.nasa.gov/ 

Thank you,
--
Ralph F. Bischof, Jr.
Any opinion within this communication is not necessarily that of NASA.
PGP Key - http://pgpkeys.hq.nasa.gov
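
Added example, not part of the original message and not ISS or ISC code: a short Python check that an operator can run against their own name server to see what the CHAOS-class TXT queries behind both scanner findings return. The name `hostname.bind`, the constructed sample response, and all function names are assumptions introduced here.

```python
import contextlib
import socket
import struct

CH, TXT = 3, 16  # DNS class CHAOS, record type TXT
NAMES = ("version.bind", "authors.bind", "hostname.bind")  # hostname.bind: added here

def encode_name(name):  # dotted name -> length-prefixed DNS labels
    return b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"

def build_query(name, qid=0x1234):  # header with RD set, then one CH TXT question
    return struct.pack("!6H", qid, 0x0100, 1, 0, 0, 0) + encode_name(name) + struct.pack("!2H", TXT, CH)

def skip_name(msg, off):  # offset just past a name that may end in a compression pointer
    while msg[off] & 0xC0 != 0xC0:
        if msg[off] == 0:
            return off + 1
        off += 1 + msg[off]
    return off + 2

def txt_answers(msg):
    """Return every TXT string in the answer section of a DNS response."""
    qd, an = struct.unpack("!HH", msg[4:8])
    off, out = 12, []
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # question name, then type and class
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
        i = 0
        while rtype == TXT and i < len(rdata):  # TXT rdata: length-prefixed strings
            out.append(rdata[i + 1:i + 1 + rdata[i]].decode("ascii", "replace"))
            i += 1 + rdata[i]
    return out

# Constructed sample response: version.bind CH TXT "9.3.2" (value made up for the example).
SAMPLE = (b"\x12\x34\x85\x80\x00\x01\x00\x01\x00\x00\x00\x00\x07version\x04bind\x00\x00\x10\x00\x03"
          b"\xc0\x0c\x00\x10\x00\x03\x00\x00\x00\x00\x00\x06\x059.3.2")

def audit(server, timeout=2.0):
    """Ask a server you operate for each name; a non-empty list means it discloses."""
    found = {name: [] for name in NAMES}
    for name in NAMES:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s, contextlib.suppress(OSError):
            s.settimeout(timeout)              # a timeout or ICMP error leaves the list empty
            s.sendto(build_query(name), (server, 53))
            found[name] = txt_answers(s.recv(4096))
    return found
```

`txt_answers(SAMPLE)` parses the embedded response offline; `audit("192.0.2.53")` (a documentation address, replace with your own server) performs the live check.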
