Category:   Application (Generic)  >   BIND
Vendors:   ISC (Internet Software Consortium)
(CIAC Issues Bulletin L-094) Re: BIND Domain Name System Software May Disclose DNS Transactional Signature (TSIG) Keys to Local Users
SecurityTracker Alert ID:  1001736
SecurityTracker URL:  http://securitytracker.com/id/1001736
CVE Reference:   CAN-2001-0497
Date:  Jun 13 2001
Impact:   Disclosure of authentication information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): All versions of BIND with dnskeygen, up to and including BIND 8.2.4; All versions of BIND with dnssec-keygen, up to and including BIND 9.1.2.
Description:   A vulnerability has been reported by Internet Security Systems in the BIND DNS software "dnskeygen" utility that allows local users to view cryptographic keys that are used for dynamic DNS updates.

It is reported that the DNS Transactional Signature (TSIG) keys (shared secrets for HMAC-MD5) generated by dnskeygen are stored in two files, but only one of the files is configured with strong access control under the default configuration. As a result, local users may obtain the keys without authorization. With the keys, a user can make dynamic updates to the DNS server.

This vulnerability reportedly only affects sites that use Dynamic DNS updates with HMAC-MD5 keys.
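
A file-permission check for the exposure described above, as an added example that is not part of the advisory or of BIND. It assumes BIND's usual key file naming, K<name>.+<alg>+<id>.key and K<name>.+<alg>+<id>.private with algorithm number 157 for HMAC-MD5; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit TSIG key files written by dnskeygen / dnssec-keygen.
# Assumption (not stated in the advisory): key pairs are named
# K<name>.+157+<id>.key and K<name>.+157+<id>.private for HMAC-MD5.

# Print every HMAC-MD5 key file under directory $1 that group or other can read.
audit_tsig_keys() {
    find "$1" -type f \
        \( -name 'K*.+157+*.key' -o -name 'K*.+157+*.private' \) \
        \( -perm -040 -o -perm -004 \) -print | sort
}

# Restrict every HMAC-MD5 key file under directory $1 to owner read/write.
lock_tsig_keys() {
    find "$1" -type f \
        \( -name 'K*.+157+*.key' -o -name 'K*.+157+*.private' \) \
        -exec chmod 600 {} +
}

# Demo on constructed files: one member of the pair is left world-readable,
# the other is owner-only, mirroring the situation the advisory describes.
demo() {
    d=$(mktemp -d) || return 1
    echo 'constructed sample, not a real key' > "$d/Kddns-demo.+157+12345.key"
    echo 'constructed sample, not a real key' > "$d/Kddns-demo.+157+12345.private"
    chmod 644 "$d/Kddns-demo.+157+12345.key"
    chmod 600 "$d/Kddns-demo.+157+12345.private"

    echo "readable by group/other before lock:"
    audit_tsig_keys "$d"
    lock_tsig_keys "$d"
    echo "readable by group/other after lock: $(audit_tsig_keys "$d" | wc -l)"
    rm -rf "$d"
}

demo
```

To check a real server, call audit_tsig_keys on the directory where the keys were generated; a key that has already been readable by other local users should be regenerated rather than only re-protected.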

Impact:   Local users may obtain DNS keys without authorization and make dynamic updates to the DNS server.
Solution:   The report indicates that BIND 9 users should upgrade to BIND 9.1.3rc1 or higher and that BIND 8 users should refer to the workarounds in the Source Message until BIND 8.3 is available sometime in the July 2001 timeframe.
Vendor URL:  www.isc.org/
Cause:   Access control error
Underlying OS:   Linux (Any), UNIX (Any)

Message History:   This archive entry is a follow-up to the message listed below.
Jun 11 2001 BIND Domain Name System Software May Disclose DNS Transactional Signature (TSIG) Keys to Local Users



 Source Message Contents

Date:  Tue, 12 Jun 2001 14:41:14 -0700 (PDT)
Subject:  CIAC Bulletin L-094 BIND Inadvertent Local Exposure of HMAC-MD5 (TSIG) Keys


[ For Public Release ]
-----BEGIN PGP SIGNED MESSAGE-----

             __________________________________________________________

                       The U.S. Department of Energy
                     Computer Incident Advisory Center
                           ___  __ __    _     ___
                          /       |     /_\   /
                          \___  __|__  /   \  \___
             __________________________________________________________

                             INFORMATION BULLETIN

            BIND Inadvertent Local Exposure of HMAC-MD5 (TSIG) Keys
                              [Unix/Linux Systems]

June 12, 2001 17:00 GMT                                           Number L-094
______________________________________________________________________________
PROBLEM:       Keys generated by the dnskeygen utility and the dnssec-keygen 
               utility have an access control vulnerability in one of two 
               files. This vulnerability only exists for systems performing 
               dynamic updates using HMAC-MD5 keys. 
PLATFORM:      All versions of BIND with dnskeygen, up to and including BIND 
               8.2.4.
               All versions of BIND with dnssec-keygen, up to and 
               including BIND 9.1.2. 

               This flaw only affects sites that use Dynamic DNS updates with
               HMAC-MD5 keys and does not affect any sites that only use static
               zone files (the majority of BIND installations). Sites that
               perform dynamic DNS updates from otherwise secured systems (such
               as a dedicated DHCP server having no common users) are not
               affected by this flaw. 
DAMAGE:        A malicious party accessing the vulnerable key file may cause 
               unintended updates to a DNS server. The keying material for DNS 
               updates is also vulnerable to retrieval. The integrity of the 
               DNS server is placed at risk. 
SOLUTION:      Review the advisory and perform necessary upgrading and file 
               checking, as specified. 
______________________________________________________________________________
VULNERABILITY  The risk is LOW. There have been no reported exploits of this 
ASSESSMENT:    vulnerability. This vulnerability does not exist for those 
               sites using static zone files, or sites that perform dynamic 
               updates from other secured servers. 
______________________________________________________________________________

[******  Begin ISS Bulletin ******]

http://www.ciac.org/ciac/bulletins/l-094.shtml

[******  End ISS Bulletin ******]

_______________________________________________________________________________




 
 

