CERT Amends DNS Flaw Fix - InternetNews.com

REALTIME IT NEWS

Blogs | 7 Day Summary | JustTechJobs

Hardware
- Cisco, VMware, EMC Forge ...
- Mobile Tweeting Device ...
- Cisco Acquires Chinese ...
Software
- Microsoft Targets Salesforce ...
- Kaspersky Offers Macs a ...
- Microsoft Readies 'Premium' ...
Mobility
- Nokia Latest to Play Opera ...
- Spring Design Sues Barnes & ...
- Marvell, E Ink Team Up for ...
Web Content
- Adobe's ConnectPro Update ...
- Most Enterprises Lack a ...
- Social Networks: IT Giants ...
Search
- Yahoo, Microsoft Still ...
- Bartz: Yahoo Will Rise Again
- The 'Netflix' of Tech ...
Government
- Ruiz Insider Trading Charge ...
- Looking for Reason in the ...
- Citizens Happier Than Ever ...
Developer
- PayPal Opens Up Payment ...
- Ubuntu Linux 9.10 'Karmic ...
- IBM Links Rational Developer ...
Business
- Stocks Mixed Ahead of ...
- Google Helps With the ...
- Windows 7 Shows Signs of ...
Storage
- Micron Flash Advance: Live ...
- Storage Players Forge Cloud ...
- Hitachi Looks to the Cloud ...
E-Commerce
- Craigslist's Newmark on ...
- Google Sings a New Search ...
- Disney's Key to the Digital ...
Networking
- ScaleMP Adds Cloud ...
- Broadband Market Still ...
- Intel, EMC Team on More ...

Blogs
Most Popular
Hot Topics
Opinion

AMD opening shop in the Middle East?

Creative: cooking up an e-reader?

Google Chrome 4 Beta debuts including bookmark sync

Open Source Skype? Not yet, but soon

Google Back to Full Speed on Chrome browser dev

Firefox 3.6 Beta 1 doesn't know about:me, but it's fast

This tech news is not embargoed

Where is PHP 6?

The irony of Juniper Networks' new branding

Google Chrome development slows to fix bugs

[ More ]

Subscribe
Learn More
Stats
Contact Staff

Select a newsletter and click Join to sign up!

InternetNews.com Podcast

InternetNews.com
Channel XML/RSS Feeds

Enterprise IT Planet News

Click a Topic to Expand

The Social Web

The New Idiot Box

Feeling the Need for RSS Feeds

Web Services Management

Web services: Evolution or Revolution

Making Money Off The Social Web

The Lure of The Social Network

The Privacy of Social Networking

My Grand Google Obsession

Coding Google's Future

Google Fun in The Summer

Google Pushes Apps

Google's Data Ambitions

Google's IPO

Google's Way With Words

Google, Opponents Square Off in DoubleClick Bid

Microsoft's Past Present And Future

The Vista Ripple Effect

A New Era For Microsoft

Eolas, Microsoft Duke it Out over ActiveX

Microsoft Preps Security Makeover for XP

Microsoft's Security Challenge

Microsoft's Storage Ambitions

Microsoft, AOL Become Partners

Microsoft/Yahoo: Can It Work?

Sun, Microsoft Bandage Old Wounds

The Next Microsoft Era

Truth Time at Microsoft's PDC

XML, Microsoft Threaten Adobe's PDF Format

Will Office 2003 Change Everything?

Mobile Universe

Motorola in Trouble

City-Wide Wi-Fi

Connected in The Windy City

Ultrawideband in the Home

Wi-Fi's Hotspots

CTIA in The Big Easy

Technology, Policy and Politics

3G at Home and Abroad

The Competitive Mobile Landscape

CTIA: A Wireless World in Sin City

Gadget Fest: CTIA Wireless 2008

Wireless Policy in Washington

Cradle to Grave Information Management

Disaster Recovery and Continuity

The Storage Compliance Boom

Compliance, Regulation And Storage

Calling all Clusters, Supercomputers

Betting on BPM

Database Software Continues to Evolve

Tech's Legal Battles

Google in Court

RIM Has Patent Issues

Microsoft In Court

Technology in the Courts

End of the IE Antitrust Case

Microsoft's Legal Struggles

The AMD/Intel Antitrust Showdown

A Patent Battle on eBay Territory

Google, Microsoft and Yahoo's Three-Way Search Battle

Calling Net Neutrality

Microsoft's EU Blues

Vonage on The Patent Hot Seat

Platforms and New Packages

VMware and the Virtualization Craze

Virtualization for All

SOAs in The Enterprise

Application Server Biz on the Rebound

Curtain Drawn on Windows Server 2003

SaaS in The Market

Struggling to Stay Atop the Server Market

Web Standards Bodies Fight for Freedom

Open Source Ecosystem

Microsoft: Loosening the Grip on Source

Showcasing Java

Sun a 'Tiger' at JavaOne

The Future of Java

GPL: Software Freedom Redefined

Linux in the Enterprise

Linux on the Desktop

LinuxWorld 04: A More Mature Tux

LinuxWorld Storms San Francisco

LinuxWorld Takes Boston

LinuxWorld by the Bay

Oracle's Linux Realm

SCO Declares War on Linux

The Growth of Linux-Based Storage

The Linux Kernel

Novell, Microsoft in Open Dance

Open Source Open for Business

Open-source Databases Gathering Steam

Oracle Plants Flag at OpenWorld 2006

Evolution of Search

Competing for the Search Lead

Enterprise Search Ready for Prime Time

Mobile Search Takes Flight

Racing To Dominate Desktop Search

Search And Censorship

Search Engine Optimization

Search Meets Mapping

Thinner Slices of The Paid Search Pie


Partner With Us

CERT Amends DNS Flaw Fix

The advisory center has found that a previous fix for buffer overflow exploits in DNS resolver libraries is not sufficient.

Share this Article

Twitter

FriendFeed

Print this Article

Comment on this article

Email this Article

August 28, 2002
By Clint Boulton: More stories by this author:

The Carnegie Mellon Software Engineering Institute (CERT/CC) Wednesday said that the previous fix it offered to thwart buffer overflows in domain name system (define) resolver libraries may not be enough to safeguard certain software systems.

CERT/CC made the amendment as a follow-up to its June 28 announcement that remote attackers could send malicious DNS responses that may exploit vulnerabilities to execute arbitrary code or cause a denial-of-service attack (define) on a system.

Perpetrators could hijack computers running certain vulnerable installed software products made by high-profile vendors, including those made by Caldera, HP, IBM and Red Hat.

Flaws in the DNS are serious, as it is responsible for translating text-based Web addresses to numeric IP addresses.

CERT/CC said that when the advisory was first published, it was thought that a caching DNS server that reconstructs DNS responses would prevent malicious code from reaching systems with vulnerable resolver libraries.

"This workaround is not sufficient," Cert/CC claimed. "It does not prevent some DNS responses that contain malicious code from reaching clients, whether or not the responses are reconstructed by a local caching DNS server. DNS responses containing code that is capable of exploiting the vulnerabilities described can be cached and reconstructed before being transmitted to clients. Since the server may cache the responses, the malicious code could persist until the server's cache is purged or the entries expire."

CERT/CC said the only real remedy to the flaw is to upgrade to a corrected version of the DNS resolver libraries.

CERT/CC published two separate vulnerability notes with additional technical details here and here.

CERT/CC credited Joost Pol of PINE-CERT, the FreeBSD Project, the NetBSD Project, and David Conrad of Nominum for information about the flaw.

LATEST NEWS

Microsoft Targets Salesforce and Oracle

Kaspersky Offers Macs a Security Blanket

ScaleMP Adds Cloud Virtualization for Servers

Yahoo Testing Real-Time Search With OneRiot

Nokia Latest to Play Opera Mobile 10 Browser

DNS vulnerabilities have been common fare among CERT/CC advisories in the past year. Particularly hard hit was the Berkeley Internet Name Domain (BIND) DNS, which was found to be susceptible to DoS attacks in June. The BIND DNS Server is used on most name serving machines on the Internet.

BIND flaws were also detected in January 2001.

Share this Article

Twitter

FriendFeed

Print this Article

Comment on this article

Email this Article

Developer Archives | 7 Day InternetNews Summary | Contact Clint Boulton | Back to top

Add internetnews.com
to your browser search box.

IE 7 |

Firefox 2.0 |

Firefox 1.5.x

Receive news
via our XML/RSS:
feed

More InternetNews.com

Hardware	Software	Mobility	Web Content
Apple Blocks Atom 'Hackintosh' Netbooks: Reports Intel, EMC Team on More Efficient Cloud Storage Now in Second Place, Acer Keeps Charging Ahead	Oracle Outlines Sun Software Plans Red Hat Enterprise Virtualization Gets Managed Now Showing: PowerPoint Gets a Comparison Tool	Marvell, E Ink Team Up for Better eReaders Is the iPhone the New Kindle? iPhone China Launch: Sweet and Sour	Most Enterprises Lack a 'Real-Time' Strategy Social Networks: IT Giants Are Ready to Rock Facebook Wins $711M in 'Spam King' Lawsuit
Search	Government	Developer	Business
Google Taking Search Social Google Co-Founder Surprises Web 2.0 Summit Google: We've Got a Twitter Deal, Too	White House Taps Drupal to Open Source Site Intel Could Face FTC Complaint Net Neutrality Postmortem: Cheers and Jeers	IBM Links Rational Developer Tools, Tivoli Apps Libraries Give Vista Apps a Windows 7 Look Ubuntu: The 'Default Alternative' to Windows?	Cisco Acquires Chinese Set-Top Box Vendor Windows 7 Shows Signs of Early Gains Broadband Market Still Expanding
Storage	E-Commerce	Networking	Security
Hitachi Looks to the Cloud for Storage Iomega Launches Consumer/SMB NAS Device Analyst Ups EMC Estimate, Price Target	Craigslist's Newmark on Media's New Curator Role Google Sings a New Search Tune Disney's Key to the Digital Kingdom	ICANN Goes Global in Domain Names Aruba Moves Wireless Management to the Cloud Juniper Networks Evolves Its Silicon and More	Facebook Rejiggers Privacy Rules Following Probe Two-Headed Trojan Targets Online Banks California Medicaid Members' Data Exposed

New Openings

Sr Systems Engineer â€“ Replication (PA) Principal, Consulting Services (TX) Solutions Engineer II (HTX)

Sr Implementation Engineer â€“SAN- TSM (CO) Senior Systems Administrator Windows (IL) Sr Systems Engineer - VMware (Like a VMWare Architect) - PA

WebMediaBrands Corporate Info

Legal Notices, Licensing, Reprints, Permissions, Privacy Policy.
Advertise | Newsletters | Shopping | E-mail Offers | Freelance Jobs

Solutions

Whitepapers and eBooks

IBM Articles: A Smarter Business Needs Smarter Technology
Intel Xeon Processor Increases Server Efficiency and Capabilities
Intel Tech Brief: Automated Energy Efficiency for the Intelligent Enterprise
Oracle Whitepaper: Using Oracle In-Memory Database Cache to Accelerate the Oracle Database
Oracle Whitepapers - Innovation for IT Leaders
Avaya Article: Communication-Enabled Mashups--Empowering Both Business Owners and IT
Internet.com eBook: IT Manager's Guide to Social Networking

Internet.com eBook: Get Ready for Windows 7
Microsoft Article: Expression Web 3—New Features for PHP Developers
Whitepapers: Manage Your Business Infrastracture with IBM
Whitepaper: Maximize Your Storage Investment with HP
Internet.com eBook: Becoming a Better Project Manager
Microsoft Article: Stress Free and Efficient Designer/Developer Collaboration
MORE WHITEPAPERS, EBOOKS, AND ARTICLES

Webcasts

Webcast: Connecting PHP to Microsoft Technologies
Video: Microsoft Partner Program Benefits
Video: Windows Azure Debugging Tips

SAP BusinessObjects Webcast: Unlock the Power of Reporting with Crystal Reports
IBM Webcast: Speed Business Innovation with Reduced Cost and Risk
MORE WEBCASTS, PODCASTS, AND VIDEOS

Downloads and eKits

Downloads & Free Trials: Microsoft's New Efficiency Resource Center
Microsoft SQL Server 2008 Trial Software Evaluation
Get the Windows 7 SDK

Free Trial: Red Gate SQL Backup Pro 6
Iron Speed Designer Application Generator
MORE DOWNLOADS, EKITS, AND FREE TRIALS

Tutorials and Demos

Internet.com Hot List: Get the Inside Scoop on the Hottest IT and Developer Products
All About Botnets

HP PartnerOne: Your customers don't want just any solution. They want the right solution.
MORE TUTORIALS, DEMOS AND STEP-BY-STEP GUIDES