Bind DOS vulnerability (CVE-2011-0414)

Published: 2011-02-23
Last Updated: 2011-02-23 18:39:52 UTC
by Manuel Humberto Santander Pelaez (Version: 1)
0 comment(s)

Internet Software Consortium published an advisory today for the BIND software. In versions 9.7.1-9.7.2-P3, when a server that is authoritative for a domain (i.e. owns the SOA record) processes a successful domain transfer operation (IXFR) or a dynamic update, there is a small window of time in which this processing, combined with a high volume of queries, can cause a deadlock that makes the DNS server stop processing further requests.

Bind is one of the preferred targets for attackers on the Internet. If you have bind installed in your company, please remember the following basic security measures:

  • Only allow IXFR transfers from known secondary servers of your domain. You don't want to let people learn the full list of public IP addresses associated with your domain.
  • Keep your internal DNS information separate from your external DNS information. Some DNS servers provide information about private addresses used inside the corporate network.
  • Allow recursive requests only from your internal DNS. If you allow recursive requests from the Internet, you are exposed to a distributed denial of service.
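The three measures above can be expressed together in one named.conf using ACLs and views. This is an added example, not part of the ISC advisory or the original diary; the addresses (documentation ranges), the zone name example.com and the file paths are placeholders to replace with your own.

```conf
// Placeholder ACLs: replace with your real secondaries and internal ranges.
acl "secondaries" { 192.0.2.53; 198.51.100.53; };
acl "internal"    { 127.0.0.1; 10.0.0.0/8; };

options {
    directory "/var/named";
    // Safe baseline: no zone transfers and no recursion unless a view
    // or zone below explicitly grants them.
    allow-transfer { none; };
    recursion no;
};

// Views are evaluated in order, so internal clients match here first.
view "internal" {
    match-clients { "internal"; };

    // Measure 3: recursion is offered only to internal clients.
    recursion yes;
    allow-recursion { "internal"; };

    // Measure 2: the internal copy of the zone may hold private
    // addresses and is never served outside this view.
    zone "example.com" {
        type master;
        file "internal/example.com.zone";
        allow-transfer { none; };
    };
};

// Everyone else gets authoritative answers for public data only.
view "external" {
    match-clients { any; };
    recursion no;

    zone "example.com" {
        type master;
        file "external/example.com.zone";
        // Measure 1: AXFR/IXFR only to the known secondary servers.
        allow-transfer { "secondaries"; };
    };
};
```

Run named-checkconf against the file before reloading; once views are in use, every zone must be declared inside a view.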

To solve the problem, upgrade to BIND 9.7.3. More information at http://www.isc.org/software/bind/advisories/cve-2011-0414 

-- Manuel Humberto Santander Peláez | http://twitter.com/manuelsantander | http://manuel.santander.name | msantand at isc dot sans dot org

Keywords: Bind CVE20110414

Windows 7 Service Pack 1 out

Published: 2011-02-23
Last Updated: 2011-02-23 16:17:41 UTC
by Johannes Ullrich (Version: 1)
4 comment(s)

Microsoft made the first service pack for Windows 7 and 2008 R2 available for public download. This service pack is essentially a "roll up patch" including most security patches and hot fixes released so far.

Aside from patches, service packs typically include some improvements and new features. From a security point of view, RemoteFX may be of interest. RemoteFX extends RDP to allow more "complete" remote desktop access, including access to USB drives for example, more in line with virtual machine desktop clients that can use a local drive to load data on a remote virtual machine.

DirectAccess has been improved as well. DirectAccess requires the use of IPv6, and with SP 1, 6to4 as well as ISATAP are supported.

The RemoteFX and DirectAccess enhancements only affect Windows 2008 R2, not Windows 7.

Some Twitter reports suggest that the service pack install may fail if BitLocker is used. If you experience any issues, please let us know.

http://technet.microsoft.com/en-us/library/ff817622%28WS.10%29.aspx

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter
