« More Press Releases

January 29, 2001

PITTSBURGH— A newly discovered  vulnerability in arguably the Internet’s single most important software package  threatens the Internet’s integrity. On Monday, January 29, the CERT Coordination  Center (CERT/CC) and the COVERT Labs at PGP Security simultaneously released  advisories describing serious new vulnerabilities in BIND, the most commonly  used software for domain name system (DNS) servers. DNS servers translate names  suitable for use by humans (such as www.cert.org) into network addresses suitable  for use by computers.

The vulnerabilities,  which were discovered by COVERT Labs, could allow intruders to gain control  of the machines used for name-to-number translation, possibly allowing intruders  to change these mappings. The result of a change in mapping could be devastating:  Internet traffic such as Web access, electronic mail, and file transfers could  be redirected to arbitrary sites chosen by an intruder. Furthermore, intruders  could use these vulnerabilities to disable access to or from their chosen victims,  effectively cutting them off from the rest of the Internet. Virtually every  site on the Internet depends on one or more name servers; the CERT/CC conservatively  estimates that more than 80% of the name servers on the Internet are vulnerable  to one or more of these problems. The CERT/CC urges system and network administrators  of vulnerable organizations to upgrade their versions of BIND immediately to  a non-vulnerable version such as 4.9.8, 8.2.3, or 9.1, depending on the existing  local configuration. Technical information and advice on upgrading is available  at http://www.cert.org/advisories/CA-2001-02.html.       

Since 1997, the CERT/CC has  published 12 documents describing vulnerabilities in BIND, including information  about active exploitation of these vulnerabilities. Unfortunately, not all system  and network administrators heeded the advice. On November 10, 1999, the CERT/CC  published CA-1999-14, which detailed multiple vulnerabilities in BIND. The CERT/CC  continued to receive reports of compromises based on those vulnerabilities through  December of 2000. On April 8, 1998, the CERT/CC published CA-1998-05; reports  of compromises based on the vulnerabilities described therein continued through  November of 1998.     

Compounding the problem  is the rapid pace at which intruders develop exploits for newly discovered vulnerabilities.  In the case of CA-1998-05, an exploit appeared within six weeks. In the case  of CA-1999-14, an exploit appeared within one week. The CERT/CC is concerned  that exploits for these new vulnerabilities will appear equally quickly and  that unless vulnerable software is updated now, many networks may be at risk.  The CERT/CC is now taking the unusual step of issuing a press release to alert  organizations to take action to prevent potentially devastating compromises. 

      ® CERT and CERT Coordination  Center are registered in the U.S. Patent and Trademark Office.

Help us improve

Visitor feedback helps us continually improve our site.

Please tell us what you
think with this short
(< 5 minute) survey.