Keep an Eye on BIND Bugs

Earlier this year, the CERT Coordination Center (CERT/CC), a US government—funded Internet-security think tank, announced the existence of four security holes in BIND versions earlier than 8.2.3. The vulnerabilities let intruders easily access BIND servers, perform Denial of Service (DoS) attacks, hijack Web sites, and redirect email traffic. (To read CERT/CC's report about these holes, see "CERT Advisory CA-2001-02 Multiple Vulnerabilities in BIND" at http://www.cert.org/advisories/CA-2001-02.html. The Internet Software Consortium—ISC—which develops and maintains the BIND source codes, provides a list of known BIND security bugs at http://www.isc.org/products/BIND/bind-security.html.)

The CERT/CC urged companies that use BIND to immediately upgrade to BIND 8.2.3 or later or BIND 9.1.0 or later, which aren't vulnerable to the identified security holes. (Microsoft's DNS Server isn't a BIND implementation and therefore isn't vulnerable to these particular bugs.)