[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

UNIRAS Brief - 712/06 - Internet Systems Consortium Security Advisory: BIND 9: OpenSSL Vulnerabilities.



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

 UNIRAS (UK Government CERT) Briefing - 712/06 dated 03.11.06 time 14:45
 UNIRAS is part of NISCC (the UK National Infrastructure Security
 Co-ordination Centre)
______________________________________________________________________________

 UNIRAS material is available from the NISCC website at www.niscc.gov.uk
______________________________________________________________________________

Title
=====

Internet Systems Consortium Security Advisory: BIND 9: OpenSSL Vulnerabilities.
                            
Detail
======

Because of OpenSSL's recently announced vulnerabilities
(CAN-2006-4339, CVE-2006-2937 and CVE-2006-2940) which affect named,
we are announcing this workaround and releasing patches.  A proof of
concept attack on OpenSSL has been demonstrated for CAN-2006-4339.
OpenSSL is required to use DNSSEC with BIND.  ISC had included
the OpenSSL library in the BIND distribution, and in more recent
versions, the OpenSSL library was required, but no longer a part
of the distribution.



               Internet Systems Consortium Security Advisory.
                   BIND 9: OpenSSL Vulnerabilities.
                             31 October 2006

Versions affected:
	BIND 9.0.x (all versions of BIND 9.0)
	BIND 9.1.x (all versions of BIND 9.1)
	BIND 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.2.4, 9.2.5, 9.2.6, 9.2.6-P1,
	     9.2.7b1, 9.2.7rc1 and 9.2.7rc2
	BIND 9.3.0, 9.3.1, 9.3.2, 9.3.2-P1, 9.3.3b1, 9.3.3rc1 and 9.3.3rc2
        BIND 9.4.0a1, 9.4.0a2, 9.4.0a3, 9.4.0a4, 9.4.0a5, 9.4.0a6, 9.4.0b1
	     and 9.4.0b2

Severity: Moderate (see below)
Exploitable: Remotely

Description:

	Because of OpenSSL's recently announced vulnerabilities
	(CAN-2006-4339, CVE-2006-2937 and CVE-2006-2940) which affect named,
	we are announcing this workaround and releasing patches.  A proof of
	concept attack on OpenSSL has been demonstrated for CAN-2006-4339.

	OpenSSL is required to use DNSSEC with BIND.  ISC had included
        the OpenSSL library in the BIND distribution, and in more recent
	versions, the OpenSSL library was required, but no longer a part
	of the distribution.

Workaround:

	Recompile named with a known good version of OpenSSL.
	OpenSSL 0.9.8d and 0.9.7l or greater are known to be good
	versions.

	For both KEY and DNSKEY resource record types, Generate
	RSASHA1 and RSAMD5 keys using the -e option to dnssec-keygen
	if the current keys were generated using the default exponent
	of 3.  You can determine if a key is vulnerable by looking
	at the algorithm (1 or 5) and the first three characters
	of the base64 encoded RSA key.

	RSASHA1 (5) and RSAMD5 (1) keys that start with AQM, AQN, AQO
        or AQP are vulnerable.

	For example, this RSASHA1 (5) key is vulnerable and needs to be
	replaced as the base64 encoded RSA key starts with AQP.

	DNSKEY 256 3 5 ( AQPGP80zt8pQS5xVaaaD054XBet8sCKaYZ9WrnYyuznqNX
			 kS91j6qqHuw7Y9kKAVsFoWfNw0CpahdIJIhUPFM1JRJtXh
		         Ny1cg9Ok3kBnN+fwCe2LY3qOtweFbL9bSjgolQWr42AlFO
		         jZnJVW1cECgVBfinKHBIEIIwIdHGGuLyIQaQ== )

	Note: the use of RSAMD5 (1) is no longer recommended.

	Once you have generated new keys, use the key rollover
	process of your choice to put them into production. We
	expect your normal (non-emergency) processes to be adequate,
	however, you should do your own risk analysis against the
	costs of exploitation of weak keys and proceed accordingly.

Fix:

	Upgrade to BIND 9.2.6-P2, BIND 9.3.2-P2, BIND 9.2.7rc3,
	BIND 9.3.3rc3 or BIND 9.4.0b3 then generate new RSASHA1 and
	RSAMD5 keys for all old keys using the old default exponent
	and perform a key rollover to these new keys.  See above
	for how to determine if you are using the old default exponent.

	These new versions of named check that the OpenSSL version meet
	the mininum revision levels at configure time -- for Windows,
	compile time.

	These versions also change the default RSA exponent to be
	65537 which is not vulnerable to the attacks described in
	CAN-2006-4339.

Revision History:

	20061102: Corrected fixed version number from BIND 9.2.3-P2
	to BIND 9.3.2-P2.






______________________________________________________________________________

NISCC values your feedback.

1. Which of the following most reflects the value of the briefing to you?
(Place an 'X' next to your choice)

Very useful:__ Useful:__ Not useful:__ 

2. If you did not find it useful, why not?


3. Any other comments? How could we improve our briefings?


Thank you for your contribution.
______________________________________________________________________________

For additional information or assistance, please contact our help desk
by telephone.  You may send Not Protectively Marked information via
e-mail to uniras@xxxxxxxxxxxxx

Office hours:

Mon - Fri: 08:30 - 17:00 hours
Tel: +44 (0) 870 487 0748 and follow the voice prompts
Fax: +44 (0) 870 487 0749

On-call duty officer outside office hours:
Tel: +44 (0) 870 487 0748 and follow the voice prompts

______________________________________________________________________________

UNIRAS wishes to acknowledge the contributions of ****** for the
information contained in this briefing.
______________________________________________________________________________

This notice contains information released by the original author.
Some of the information may have changed since it was released. If the
vulnerability affects you, it may be prudent to retrieve the advisory
from the site of the original source to ensure that you receive the most
current information concerning that problem.

Reference to any specific commercial product, process, or service by
trade name, trademark manufacturer, or otherwise, does not constitute or
imply its endorsement, recommendation, or favouring by UNIRAS or NISCC.
The views and opinions of authors expressed within this notice shall not
be used for advertising or product endorsement purposes.

Neither UNIRAS or NISCC shall also accept responsibility for any errors
or omissions contained within this briefing notice. In particular, they
shall not be liable for any loss or damage whatsoever, arising from or
in connection with the usage of information contained within this
notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams
(FIRST) and has contacts with other international Incident Response
Teams (IRTs) in order to foster cooperation and coordination in incident
prevention, to prompt rapid reaction to incidents, and to promote
information sharing amongst its members and the community at large.
______________________________________________________________________________

<End of UNIRAS Briefing>

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBRUtVVWl7oeQsXfKvEQLKtQCfVAe0OeSdQG/b8N7Js8jBxiplHDwAoNED
XrtCU+LYbfSupCfShrVew6qO
=p0S1
-----END PGP SIGNATURE-----


______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________

______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________