New Zealand internet service providers are moving fast to upgrade their domain-name servers in the wake of a warning about a security hole in two versions of DNS software.
“We certainly changed ours quickly,” says Auckland's 2day Internet head Peter Mott, “because we run the domains for Pitcairn Island, Tokelau and the Antarctic, and anyone near the top of the domain tree like that becomes an early target. I’m pleased to see that Domainz [which runs the .nz space] has upgraded its servers.
“Some of the other providers might not have been so quick,” he says, especially as upgrading has to be tackled very carefully. But New Zealand is a comparatively small community, “and word gets around quickly”, particularly as advisories have been issued by the US government-funded CERT (Computer Emergency Response Team) co-ordination centre. So there is a good chance that patches will be applied, or the DNS software upgraded to new versions in time to prevent any new intrusions.
Because the holes have existed for some time, however, it is impossible to say whether intrusions exploiting them might have already taken place, says Allan Bell, Sydney-based senior marketing manager at security specialist Network Associates. One of the affected versions, Bind 4 (Berkeley Internet Name Domain), has been in DNS servers since September 1996. The other, Bind 8, was released in January 1999.
The hole allows an intruder to overflow a data buffer, overwriting adjacent code or a data stack in the DNS server. It would take a skilful hacker who knows the structure of the server’s stacks to be able to do any real damage, says Bell, but even an amateur hacker blindly following a script could manage to crash a server.
As a worst-case scenario, hackers could redirect internet requests to a server of their own, and collect user-names and passwords for something as sensitive as a banking service, he says.