Flaw in critical Internet software can trigger hacker attacks

CIOL Bureau
Jim Wolf

WASHINGTON: A flaw in software that helps drive the Internet could let
hackers disrupt Web operations worldwide unless corrected quickly, a US Defense
Department-funded research center said on Monday.

Electronic intruders seizing on the newly discovered vulnerability could gain
control of domain name servers (DNS), which translate easy-to-remember names
such as www.reuters.com into numeric addresses read by computers.

Once in control, attackers could change and reroute the numeric
"Internet Protocol" addresses to disastrous effect, said the CERT
Coordination Center at Carnegie Mellon University in Pittsburgh, Pennsylvania.

"The result of a change in mapping could be devastating: Internet
traffic such as Web access, electronic mail, and file transfers could be
redirected to arbitrary sites chosen by an intruder," said the CERT
Coordination Center, formerly the Computer Emergency Response Team at the
university's Software Engineering Institute.

Attackers ranging from thrill-seekers to organized crime to foreign foes
could block access to or from their victims, in effect cutting them off from the
rest of the Internet, CERT said.

Virtually every site on the Internet depends on one or more DNS servers, or name
servers, to steer traffic. CERT estimated as many as 90 per cent of the name
servers on the Internet were running flawed versions of the software known as
BIND.

It urged system and network administrators to upgrade immediately to a
supposedly invulnerable version of BIND, the most widely used DNS server
software.

Arbitrary code

BIND stands for Berkeley Internet Name Domain. Versions 4 and 8 of the package
were found to contain flaws that would let a remote attacker execute
"arbitrary code" that could let them hijack Web sites by rerouting
traffic or swamping them with data to disrupt services or cover other malicious
assaults.

Jeffrey Carpenter, manager of the CERT Coordination Center, told a news
conference that systems administrators were "essentially in a race" to
beat the expected posting of tools on the Web that would let hackers exploit the
newly discovered vulnerabilities.

"The risk is serious and we are trying very hard to make sure that
people address these problems before they become a serious issue," added
Shawn Hernan, a CERT Coordination Center team leader.

The vulnerability was discovered by PGP Security, a unit of Santa Clara,
California-based Network Associates Inc.

"Exploitation of these vulnerabilities could potentially disrupt all
Internet-based communication that relies on a domain name, affecting every
company that maintains a Web site or that utilizes e-mail as a communications
tool," PGP Security said.

Technical information and advice on upgrading is available at http://www.cert.org/advisories/CA-2001-02.html.
The Internet Software Consortium, the authors of BIND, have posted new versions
of the software on their Web site at www.isc.org.

"If this vulnerability was exploited by an attacker, all Internet
traffic relying on a vulnerable server could be brought to a halt," said
Jim Magdych, manager of the Computer Vulnerability Emergency Response Team at
PGP Security.

Jeffrey Lanza, an Internet security analyst at the CERT Coordination Center,
said CERT was not aware of any active exploitation of the newly found
vulnerabilities.

But Magdych said the resulting headaches could be like those that dogged
Microsoft Corp., which said last week its Web services were disrupted by
repeated "denial-of-service" attacks.

Rick Devenuti, Microsoft's chief information officer, said on Friday the
software giant "did not apply sufficient self-defense techniques to our use
of some third-party products at the front end of parts of our core network
infrastructure."

(C) Reuters Limited 2001.
