Daily Archives: December 31, 2015

ISC Releases Security Updates for BIND (December 2015)

Earlier this month the Internet Systems Consortium (ISC) released a security update to address a critical denial of service issue (defined) within their BIND DNS software.

This vulnerability is caused by an error in parsing (analyzing data in a structured manner in order to create meaning from it) incoming responses: records within those responses that have an incorrect class are accepted rather than rejected. If the parsing were carried out correctly, the incorrect class would be detected. A single specially crafted packet sent to BIND will trigger a REQUIRE assertion failure, which causes BIND to exit.

Why Is This Issue Considered Critical?
A single specially crafted response sent to BIND will trigger a REQUIRE assertion failure when the records within that response are later cached. An attacker could exploit this issue to cause BIND to exit, resulting in a denial of service for the legitimate clients of the BIND server. Recursive DNS (defined) BIND servers are at high risk from this issue.

This issue affects a large number of BIND versions (listed below), making it even more important to address:
9.0.x -> 9.9.8
9.10.0 -> 9.10.3

Moreover, according to ISC, this issue has no workarounds or known mitigations. The only solution is to install the updates to BIND as mentioned in this security advisory.

How Can I Protect Myself From This Issue?
If you use BIND (it is included with Linux distributions, e.g. Red Hat, Ubuntu, etc.) to provide any DNS services within your company/organization, or you know anybody who may be affected by this issue, please follow the advice within ISC’s security advisory to install the necessary update to resolve this issue:

CVE-2015-8000: Responses with a malformed class attribute can trigger an assertion failure in db.c

Thank you.

Symantec Addresses Information Disclosure Issue within Endpoint Encryption Products

Earlier this month Symantec made available a security update to address a medium severity information disclosure issue (which was assigned one CVE (defined) number) within their Endpoint Encryption product (version 11.0 and earlier).

Why Should This Issue Be Considered Important?
The Symantec Endpoint Encryption (SEE) client (which would be installed on servers, workstations and laptops) was found to be vulnerable to a forced memory dump issue within the SEE Framework Service (EACommunicatorSrv.exe). If an authorized but unprivileged user has access to a system with the vulnerable version of Endpoint Encryption installed, they could potentially obtain the domain user credentials of the SEE Management Server (SEEMS) from the forced memory dump. Using these credentials, they could obtain unauthorized access to further systems using the management server.

How Can I Protect Myself From This Issue?
Symantec issued a security advisory which contains details of the update necessary to address this issue, which was responsibly disclosed (defined) to Symantec. Please note that the download link for this update requires the serial number of your Symantec product in order to proceed.

Moreover, Symantec provides further best practice advice to minimize the impact of this issue within their advisory.

If you are using the affected Symantec corporate encryption product within your organization, please install the relevant update as soon as possible.

Thank you.