Thread: Any Info on how to patch for the new DNS vulnerability?

  1. #1
    Join Date
    Jun 2008
    Posts
    1

    Any Info on how to patch for the new DNS vulnerability?

    kb.cert.org Vulnerability Note VU#800113

    This says to patch DNS among other suggestions. Does VPSLINK have any information that can help us patch our DNS servers for this? I run BIND on my CENTOS server, so I am concerned.

    I ran "update server software" from WHM and got the following:
    Package bind - 30:9.3.4-6.0.2.P1.el5_2.i386 is already installed.
    Package bind-devel - 30:9.3.4-6.0.2.P1.el5_2.i386 is already installed.
    Package bind-libs - 30:9.3.4-6.0.2.P1.el5_2.i386 is already installed.
    Package bind-utils - 30:9.3.4-6.0.2.P1.el5_2.i386 is already installed

    However, the BIND site says we should update to the patch within our major revision, which for me would be 9.3.5-P1. How do I update to 9.3.5-P1 without breaking something in Cpanel (assuming I need to do this from the command line)? Or should I just sit tight until Cpanel provides a later package and re-run "update server software" to get it?
    Last edited by chrisroge; 07-31-2008 at 06:57 PM.

  2. #2
    Join Date
    Dec 2007
    Posts
    1,141


    The best method for avoiding DNS cache poisoning on your VPS will be to disable recursion (as suggested in the CERT DNS Vulnerability notice).

    The Securing an Internet Name Server document on the CERT site contains instructions for BIND.

  3. #3
    Join Date
    Oct 2007
    Posts
    105


    What are you using your BIND server for? If you're using it for an authoritative server and not for recursion, you should just turn recursion off in the config. The vulnerability is a cache poisoning attack, so it doesn't apply to authoritative nameservers that don't do recursive lookups.

  4. #4
    Join Date
    Feb 2008
    Posts
    8


    To answer the original question: on CentOS 5, the patches against the exploit were integrated into version 9.3.4-6.0.1. If it says you have 9.3.4-6.0.2 then you are patched. Otherwise the advice about turning off recursion if it's not needed is dead on.
    Last edited by jkfritcher; 08-09-2008 at 04:03 PM.
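Added example, not written by any poster in this thread: a small Python audit for the two checks the replies above turn on, whether the installed CentOS 5 bind RPM is at or past the 9.3.4-6.0.1 build named in #4, and whether named.conf still leaves recursion on as #2 and #3 discuss. The WHM line and named.conf snippets are constructed, the RPM version comparison is a simplified re-implementation of rpmvercmp, and the "recursion yes / allow-recursion any" default is assumed from BIND 9.3 behaviour.

```python
import re
from itertools import zip_longest

# First CentOS 5 build said in this thread to carry the fix: (epoch, version, release).
PATCHED_EVR = (30, "9.3.4", "6.0.1")

def parse_evr(pkg_line):
    """Pull (epoch, version, release) out of a yum/WHM 'Package bind - E:V-R.arch' line."""
    m = re.search(r"(\d+):(\S+?)-(\S+?)\.(?:i386|i686|x86_64|noarch)\b", pkg_line)
    if not m:
        raise ValueError("no E:V-R.arch found in: %r" % pkg_line)
    return int(m.group(1)), m.group(2), m.group(3)

def rpm_cmp(a, b):
    """Simplified rpmvercmp: compare segment by segment; numeric > alpha, longer > shorter."""
    seg = lambda s: re.findall(r"\d+|[A-Za-z]+", s)
    for x, y in zip_longest(seg(a), seg(b)):
        if x is None or y is None:          # one string ran out of segments
            return -1 if x is None else 1
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():    # rpm treats a number as newer than letters
            return 1 if x.isdigit() else -1
        if x != y:
            return 1 if x > y else -1
    return 0

def is_patched(pkg_line, baseline=PATCHED_EVR):
    """True when the installed bind package is at or past the patched build."""
    epoch, ver, rel = parse_evr(pkg_line)
    if epoch != baseline[0]:
        return epoch > baseline[0]
    c = rpm_cmp(ver, baseline[1])
    return c > 0 if c else rpm_cmp(rel, baseline[2]) >= 0

def recursion_exposure(named_conf):
    """Classify the options block as 'off', 'restricted' or 'open'.
    Assumes BIND 9.3 defaults: recursion yes, allow-recursion { any; }."""
    m = re.search(r"^options\s*\{(.*?)^\};", named_conf, re.S | re.M)
    body = re.sub(r"//.*", "", m.group(1)) if m else ""   # strip // comments
    rec = re.search(r"\brecursion\s+(yes|no)\s*;", body)
    if rec and rec.group(1) == "no":
        return "off"
    acl = re.search(r"allow-recursion\s*\{([^}]*)\}", body)
    if acl is None or re.search(r"\bany\b", acl.group(1)):
        return "open"
    return "restricted"

# Constructed sample inputs (not captured from a real server).
WHM_LINE = "Package bind - 30:9.3.4-6.0.2.P1.el5_2.i386 is already installed."
OPEN_CONF = 'options {\n    directory "/var/named";\n};\n'
AUTH_ONLY_CONF = 'options {\n    directory "/var/named";\n    recursion no;  // authoritative only\n};\n'

if __name__ == "__main__":
    print("bind patched:", is_patched(WHM_LINE))
    print("default config:", recursion_exposure(OPEN_CONF), "| hardened:", recursion_exposure(AUTH_ONLY_CONF))
```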
