[Dshield] BIND patches

Johannes Ullrich jullrich at euclidian.com
Thu Nov 14 12:57:59 GMT 2002

   patches for BIND are now available via regular web download at


   just to repeat: All Bind 4 and Bind 8 versions available so far
have a major bug allowing execution of arbitrary code. If you are
using bind as a name server, please consider:

- apply the patch (you HAVE to do this).
- make sure named does not run as root (verify with 'ps').
- if you haven't done so, set up a 'chroot jail' for bind. This
  is rather simple. Let me know if you need details (there are
  also a couple of good FAQs/Howtos for this).
- if your DNS server is for internal use only, make sure it is
  firewalled (port 53 tcp/udp). In many cases you can get away
  with blocking port tcp 53 even for public name servers and only
  accept udp connections on port 53.

You may also consider upgrading to Bind 9, which is a rewrite of the
old (buggy) Bind code. If you don't need all the features, consider
any of the alternative name servers.

BIND exploits have been the tool of choice for a long time. They
have lost some of their luster with people focusing on the much
larger crowd of web servers. However, one of the first worms detected
by DShield was based on a Bind exploit.

jullrich at euclidian.com             Collaborative Intrusion Detection
                                         join http://www.dshield.org
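The checklist above can be verified from a shell. The script below is an added example (it is not part of the post and not a DShield tool): it covers the second and third items, checking with `ps` that no `named` process runs as root and, via each process's `/proc/<pid>/root` link, whether `named` lives in a chroot jail. Patching and firewalling are left to the package manager and packet filter of the host. The `ps -eo pid,user,comm` form is the procps (Linux) syntax; the sample process listing and the fake `/proc` tree in `self_check` are constructed for illustration, and `/var/named/chroot` is an assumed jail path, not one the post names.

```shell
#!/bin/sh
# Added example, not part of the original post. Checks two of the items in
# the message on a running host: that 'named' does not run as root, and that
# it is confined to a chroot jail. Functions take their input as arguments so
# they can be exercised against constructed sample data (see self_check).

# named_root_count: count 'named' processes owned by root.
# $1 = output of `ps -eo pid,user,comm` (header line optional).
named_root_count() {
    printf '%s\n' "$1" | awk '$3 == "named" && $2 == "root" { n++ } END { print n + 0 }'
}

# named_pids: list PIDs of 'named' processes, one per line.
# $1 = same ps output as above.
named_pids() {
    printf '%s\n' "$1" | awk '$3 == "named" { print $1 }'
}

# chroot_of: print the root directory a process sees, read from $PROC/<pid>/root.
# A jailed process points somewhere other than "/".
# $1 = pid, $2 = proc mount point (defaults to /proc; overridable for tests).
chroot_of() {
    readlink "${2:-/proc}/$1/root" 2>/dev/null || echo "?"
}

# unjailed_named_count: count 'named' processes whose root is the real "/".
# $1 = ps output, $2 = proc mount point.
unjailed_named_count() {
    n=0
    for pid in $(named_pids "$1"); do
        if [ "$(chroot_of "$pid" "$2")" = "/" ]; then
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# live_report: run both checks against this host and print the counts.
# Anything other than "0" on both lines means the checklist is not met.
live_report() {
    ps_out=$(ps -eo pid,user,comm 2>/dev/null) || { echo "ps unavailable"; return 1; }
    echo "named processes running as root : $(named_root_count "$ps_out")"
    echo "named processes outside a chroot: $(unjailed_named_count "$ps_out" /proc)"
}

# self_check: exercise the functions on a constructed ps listing and a fake
# /proc tree (both made up here, not captured from a real system).
# Prints "<root_count> <unjailed_count>" and removes the fake tree afterwards.
self_check() {
    sample='  PID USER     COMMAND
    1 root     init
  101 root     named
  102 named    named
  103 named    named
  200 root     sshd'
    fake=$(mktemp -d)
    mkdir -p "$fake/101" "$fake/102" "$fake/103"
    ln -s / "$fake/101/root"                    # root-owned and not jailed
    ln -s /var/named/chroot "$fake/102/root"    # unprivileged and jailed (assumed path)
    ln -s / "$fake/103/root"                    # unprivileged but not jailed
    printf '%s %s\n' "$(named_root_count "$sample")" \
                     "$(unjailed_named_count "$sample" "$fake")"
    rm -rf "$fake"
}

# With no argument the script runs the constructed self-check; pass --live to
# inspect the host it runs on.
case "${1:-}" in
    --live) live_report ;;
    *)      self_check ;;
esac
```

On the constructed sample the self-check prints `1 2`: one `named` process still owned by root, and two whose root is the real filesystem. Dropping privileges alone is not enough for the third item; a `named` that runs as an unprivileged user but outside a jail (pid 103 in the sample) is counted as unjailed.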