COVERT DISCOVERS VULNERABILITIES IN DNS SERVER SOFTWARE.The COVERT Labs (Computer Vulnerability Emergency Response Team) at PGP (Pretty Good Privacy) A data encryption program from PGP Corporation, Palo Alto, CA (www.pgp.com). Published as freeware in 1991 and widely used around the world for encrypting e-mail messages and securing files, PGP is available for commercial use and as freeware for Security, a Network Associates business (NASDAQ NASDAQ in full National Association of Securities Dealers Automated Quotations U.S. market for over-the-counter securities. Established in 1971 by the National Association of Securities Dealers (NASD), NASDAQ is an automated quotation system that reports on : NETA), Santa Clara Santa Clara, city, Cuba Santa Clara (sän`tä klä`rä), city (1994 est. pop. 217,000), capital of Villa Clara prov., central Cuba. , Calif., has discovere high-risk vulnerabilities in the BIND 4 and BIND 8 DNS server A dedicated server or a service within a server that provides DNS name resolution in an IP network. It turns names for Web sites and network resources into numeric IP addresses. DNS servers are used in large companies, in all ISPs and within the DNS system in the Internet, a vital service software from the Internet Software Consortium (ISC (1) (Internet Systems Consortium, Redwood City, CA www.isc.org) An organization founded by Paul Vixie, Carl Malamud and Rick Adams in 1994 and later sponsored by UUNET and other Internet companies. ). These vulnerabilities could allow a remote attacker to launch a denial of service attack An assault on a network that floods it with so many additional requests that regular traffic is either slowed or completely interrupted. Unlike a virus or worm, which can cause severe damage to databases, a denial of service attack interrupts network service for some period. , hijack domain names, or compromise a vulnerable DNS server. BIND is a core part of the Internet's domain name resolution infrastructure - allowing the conversion of domain names into numeric Internet Protocol See Internet and TCP/IP. (networking) Internet Protocol - (IP) The network layer for the TCP/IP protocol suite widely used on Ethernet networks, defined in STD 5, RFC 791. IP is a connectionless, best-effort packet switching protocol. (IP) addresses. These numeric IP addresses are required for any information to reach its intended destination on the Internet. Exploitation of these vulnerabilities could potentially disrupt all Internet-based communication that relies on a domain name, effecting every company that maintains a Web site or that utilizes e- mail as a communication tool. "If this vulnerability was exploited by an attacker, all Internet traffic Internet traffic is the flow of data around the Internet. It includes web traffic, which is the amount of that data that is related to the World Wide Web, along with the traffic from other major uses of the Internet, such as electronic mail and peer-to-peer networks. relying on a vulnerable server could be brought to a halt," said Jim Magdych, manager of the COVERT Labs at PGP Security. "Additionally, depending on a corporation's network configuration, a hacker could take advantage of the vulnerability to compromise the server and launch further attacks - potentially allowing the attacker access to their internal network." COVERT Labs discovered the vulnerability while conducting research into core services The introduction to this article provides insufficient context for those unfamiliar with the subject matter. Please help [ improve the introduction] to meet Wikipedia's layout standards. You can discuss the issue on the talk page. of the Internet infrastructure and immediately contacted ISC to help develop a patch for all affected users. For detailed information, including patch information and a comprehensive analysis of these vulnerabilities, please visit www.pgp.com. COVERT Labs, a part of the PGP Security business unit of Network Associates, identifies and works to resolve serious vulnerabilities before attackers are able to exploit them. Research is focused on widely used products and mission-critical services where a vulnerability could affect a large number of users. By working closely with these vendors, the COVERT Labs at PGP Security help to secure networks and systems around the world. PGP Security, a Network Associates business, is a worldwide leader in products and services focusing on solving privacy and data confidentiality issues, and has a strong history of setting security industry standards. PGP Security's breadth of security products, including firewall, encryption, intrusion detection, risk assessment and VPN (Virtual Private Network) A private network that is configured within a public network (a carrier's network or the Internet) in order to take advantage of the economies of scale and management facilities of large networks. technologies, address the full range of security and privacy issues, anywhere information is transmitted or stored. PGP Security's products secure over seven millions users and include several of the industries well-known security brands, including Gauntlet Firewall and VPN, PGP Data Security, CyberCop Scanner, and PGP e-ppliances. For more information and software evaluations, visit http://www.pgp.com. About Network Associates With headquarters in Santa Clara, Calif., Network Associates, Inc. is a leading supplier of security and availability solutions for e-business. Network Associates' five business units, PGP Security, providing firewall, intrusion detection and encryption products, Sniffer Technologies, the leader in network and application management, Magic Solutions, providing web-based service desk solutions, McAfee, delivering world class anti-virus products, and myCIO.com, an infrastructure ASP providing security and anti-virus services, all produce best-of-breed solutions leveraging core technologies to provide the security and availability needed for e-business. Network Associates is also a majority owner of McAfee.com, one of the world's largest business to consumer application service provider. For more information, call 972-308-9960 or visit http://www.nai.com. |
|
||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion