Critical flaw in BIND… and North Korea Declares War

If you run your own DNS, time to update. The Berkeley Internet Name Daemon (BIND)’s got a serious and dead-easy-to-exploit problem.

For everyone else: DNS servers are a core component of the Internet, being that they’re what translates e.g zerohedge.com into 178.209.48.14. Not only is the former a lot easier to remember, but the IP address has to change every once in a while when you upgrade servers or change hosting providers.

On the other hand, being able to compromise the authoritative DNS server for a given domain is a problem… many websites have found their traffic redirected to malicious or just obviously hacked pages in the last few years, including people that should have known better. (and probably were too well secured server-side to see easy compromise any other way)

Also, North Korea just declared war on the South… this is a little unusual, since in some 60 years of cross-border antics and paranoia (Manchurian Candidate anybody?) nobody has gone so far as to invalidate the armistice and declare war.

Evidently Dennis Rodman left a little madness behind, or perhaps even the North Koreans found Eric Schmidt’s attitudes on privacy a bridge too far. (Some recent assassination attempts probably didn’t help either, maybe the gun battle in Pyongyang cracked a window in the Great Pyramid Hotel of Doom.)

The Democratic Republic of North Korea now states that any “military provocation” (like the hundreds or thousands of comparatively minor incidents perpetrated by both sides over the last few decades) will result in, well, Total War.

The clearly-written-by-native-Engrish-speakers press release, for all its potentially apocalyptic and horrifying implications, contains some passages worth quoting (http://live.reuters.com/Event/North_Korea/70001409):

“the declaration of a do-or-die battle to provide an epochal occasion for […] opening a new era.”

“a final victory of the great war for national reunification true to the important decision made by Kim Jong Un.” “merciless nuclear attack and […] all-out war.”

“They should clearly know that in the era of Marshal Kim Jong Un, the greatest-ever commander, all things are different from what they used to be in the past.

The hostile forces will clearly realize the iron will, matchless grit and extraordinary mettle of the brilliant commander of Mt. Paektu that the earth cannot exist without Songun Korea.

Time has come to stage a do-or-die final battle.”

“If the U.S. and the south Korean puppet group perpetrate a military provocation for igniting a war against the DPRK in any area including the five islands in the West Sea of Korea or in the area along the Military Demarcation Line, it will not be limited to a local war, but develop into an all-out war, a nuclear war.”

http://threatpost.com/en_us/blogs/critical-flaw-threatens-millions-bind-servers-032813

“There is a critical vulnerability in several current versions of the BIND nameserver software that could allow an attacker to knock vulnerable DNS servers offline or compromise other applications running on those machines. The bug is present in several versions of the ubiquitous BIND software and the maintainers of the application have released a patch for it that they recommend users install as soon as possible.[…]

BIND is the most widely deployed nameserver software used on the Internet and is one of the critical pieces of software that underpins the infrastructure of the Web. Vulnerabilities in BIND packages are seen as serious problems, more so than an equivalent vulnerability in a less critical server application. While the ISC released a patch for the vulnerability this week, the process of users updating the millions of nameservers running BIND will take months, and a post on the Full Disclosure mailing list makes it clear that patching should be a top priority.

“I think this one stands out from most other BIND vulnerabilities due to its ease of exploitation. It took me approximately ten minutes of work to go from reading the ISC advisory for the first time to developing a working exploit. I didn’t even have to write any code to do it, unless you count regexes or BIND zone files as code. It probably will not be long before someone else takes the same steps and this bug starts getting exploited in the wild,” Daniel Franke said in a message on the mailing list.”

Advertisements
%d bloggers like this: