Solutionary Threat Report - November 2011

Potential 0-day DoS Vulnerability Discovered in BIND 9
The Internet Systems Consortium (ISC) released an alert on what appeared to be a zero-day (0-day) vulnerability in BIND 9 (CVE-2011-4313). The issue came to light after multiple operators reported that recursive BIND name servers were crashing shortly after logging a specific error message. ISC's bulletin states that the crash occurs when a vulnerable server receives a seemingly legitimate recursive query for an invalid record that the server has previously cached. Although the volume and frequency of the reported crashes suggest these incidents were more than random system malfunctions, it has not yet been confirmed that they were the result of a deliberate attack.
There is no indication, at this time, that this vulnerability can be leveraged for anything beyond crashing the server (a denial of service). ISC has since released patches that change how affected versions handle recursive queries for cached invalid records, so that the server recovers gracefully rather than exiting abruptly. As a matter of best practice, Solutionary recommends reviewing and testing the patch where possible before installing it on a production system. Until the patch is in place, watch resolvers for unexplained named exits and restarts, and make sure named is supervised so that a crash does not silently leave the service down. Further details can be found here: https://www.isc.org/software/bind/advisories/cve-2011-4313
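The check above is easy to automate. The following shell script is an added example, not code from the Solutionary report or from ISC: it reads syslog, counts BIND resolvers that exited on an assertion failure (the symptom operators reported for CVE-2011-4313), separates crashes that carry the check ISC's advisory quotes for this CVE from other assertion exits, and lists hosts that were never restarted. It assumes named logs to syslog in the usual "Mon DD HH:MM:SS host named[pid]: message" layout and that an assertion failure is logged as "exiting (due to assertion failure)" preceded by the failed check; the host names, pids, times and source line number in the sample are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the Solutionary report or from ISC: scan syslog
# for BIND 9 resolvers that died on an assertion failure, the symptom
# operators reported for CVE-2011-4313, and summarise crashes per host.
#
# Assumptions: named logs to syslog in the usual "Mon DD HH:MM:SS host
# named[pid]: message" layout, and an assertion failure produces the line
# "exiting (due to assertion failure)" preceded by the failed check. The
# INSIST text below is the one ISC's advisory quotes for this CVE; the
# hosts, pids, times and line number are constructed for this example.

sample_log() {
    cat <<'EOF'
Nov 16 03:12:45 ns1 named[2201]: query.c:2054: INSIST(! dns_rdataset_isassociated(sigrdataset)) failed
Nov 16 03:12:45 ns1 named[2201]: exiting (due to assertion failure)
Nov 16 03:12:47 ns1 named[2310]: starting BIND 9.8.1 -u named
Nov 16 03:40:02 ns2 named[811]: client 10.0.5.20#53211: query: www.example.net IN A + (10.0.0.2)
Nov 16 04:01:13 ns1 named[2310]: query.c:2054: INSIST(! dns_rdataset_isassociated(sigrdataset)) failed
Nov 16 04:01:13 ns1 named[2310]: exiting (due to assertion failure)
Nov 16 04:05:00 ns3 named[120]: exiting (due to assertion failure)
EOF
}

# Read syslog on stdin; print "host count" for every host whose named
# exited on an assertion failure, sorted by host name.
named_assertion_exits() {
    awk '/ named\[[0-9]+\]: exiting \(due to assertion failure\)/ { n[$4]++ }
         END { for (h in n) print h, n[h] }' | sort
}

# Read syslog on stdin; print the total number of assertion exits.
named_assertion_total() {
    named_assertion_exits | awk '{ s += $2 } END { print s + 0 }'
}

# Read syslog on stdin; count crashes that carry the CVE-2011-4313 check.
# An assertion exit without this line crashed for some other reason and
# deserves its own investigation.
cve_2011_4313_hits() {
    grep -c 'INSIST(! dns_rdataset_isassociated(sigrdataset)) failed' || true
}

# Read syslog on stdin; print hosts whose last assertion exit was not
# followed by a "starting BIND" line, i.e. nothing restarted named.
hosts_not_restarted() {
    awk '/ named\[[0-9]+\]: exiting \(due to assertion failure\)/ { down[$4] = 1 }
         / named\[[0-9]+\]: starting BIND /                         { delete down[$4] }
         END { for (h in down) print h }' | sort
}

# Run against the constructed sample so the script does something stand-alone.
echo "assertion exits per host:"
sample_log | named_assertion_exits
echo "CVE-2011-4313 signature seen: $(sample_log | cve_2011_4313_hits)"
echo "hosts still down:"
sample_log | hosts_not_restarted
```

In production, replace the sample with the real log, for example `cat /var/log/messages | named_assertion_exits`, and pair the result with `named -v` on each flagged host to confirm whether it is running a patched build.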

Why is my printer acting this way?
Printer vulnerabilities are not new, but a new twist picked up mainstream attention during the last week of November. An MSNBC blog published an article detailing work by researchers at Columbia University demonstrating how vulnerabilities in some HP LaserJet printers could be exploited to overwrite their firmware (the operating system of an embedded device). A printer under an attacker's control is a significant stepping stone: it sits inside the network perimeter, is rarely monitored, and can be used as a launching point for attacks aimed further into the network.
The demonstration, as described by the MSNBC blog and other sources, shows that the impact could range from quiet exfiltration of sensitive or proprietary information and the spread of malware to simply rendering the printer inoperable. HP is currently reviewing the details of the vulnerabilities brought to light and has not yet confirmed which printer models are affected; with confirmation pending, no software updates have been released. In the meantime, as a matter of best practice, Solutionary advises that network access to embedded systems such as printers be tightly restricted through properly implemented firewalls, VPNs, and/or network access control lists (ACLs): allow job submission only from the print server, allow management interfaces only from administrative hosts, and treat any connection a printer initiates on its own as suspect.
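One concrete form of that access restriction follows. It is an added example, not code from the Solutionary report or from HP: a shell script that generates iptables rules for a firewall or router between the office network and a printer VLAN, so that only the print server can reach the printers' job-submission ports, only admin workstations can reach their management services, everything else toward the printers is logged and dropped, and printers cannot open connections outward. The addresses, the FORWARD chain, and the port assignments (9100 raw/JetDirect, 631 IPP, 515 LPD, 80/443 web UI, 161/udp SNMP) are assumptions for this example; confirm with a port scan which services each printer model actually exposes.

```shell
#!/bin/sh
# Added example, not from the Solutionary report or from HP: generate the
# iptables rules for a firewall or router that sits between the office
# network and a printer VLAN, so that only the print server can submit jobs
# and only admin workstations can reach the printers' management services.
# Nothing is applied; the rules are printed for review.
#
# Assumptions (adjust to your network): the addresses below, a FORWARD
# chain that forwards between the two networks, and the port assignments
# 9100 (raw/JetDirect), 631 (IPP), 515 (LPD), 80/443 (web UI) and 161/udp
# (SNMP). Verify what each printer model actually listens on with a scan.

PRINT_SERVER=10.0.20.5      # assumed: the only host allowed to spool jobs
ADMIN_NET=10.0.10.0/24      # assumed: administrative workstations
PRINTER_NET=10.0.50.0/24    # assumed: the printer VLAN
CHAIN=FORWARD

# Emit one ACCEPT rule per port: $1 source, $2 protocol, remaining args ports.
allow_to_printers() {
    src=$1; proto=$2; shift 2
    for port in "$@"; do
        printf 'iptables -A %s -s %s -d %s -p %s --dport %s -j ACCEPT\n' \
            "$CHAIN" "$src" "$PRINTER_NET" "$proto" "$port"
    done
}

# Print the complete rule set, in the order it must be loaded.
printer_acl_rules() {
    # Replies belonging to connections accepted below, in either direction.
    printf 'iptables -A %s -m state --state ESTABLISHED,RELATED -j ACCEPT\n' "$CHAIN"
    # Job submission: print server only. Port 9100 accepts an arbitrary
    # data stream, so it is the one to keep tightest.
    allow_to_printers "$PRINT_SERVER" tcp 9100 631 515
    # Management: admin workstations only. Telnet and FTP are not opened at all.
    allow_to_printers "$ADMIN_NET" tcp 80 443
    allow_to_printers "$ADMIN_NET" udp 161
    # Anything else toward the printers is logged, then dropped.
    printf 'iptables -A %s -d %s -m state --state NEW -j LOG --log-prefix "printer-acl-in: "\n' "$CHAIN" "$PRINTER_NET"
    printf 'iptables -A %s -d %s -j DROP\n' "$CHAIN" "$PRINTER_NET"
    # Printers have no business opening connections outward; exfiltration or
    # malware spread from a compromised printer would look exactly like this.
    # If a model legitimately needs scan-to-email or similar, add a narrow
    # ACCEPT above this point rather than removing the DROP.
    printf 'iptables -A %s -s %s -m state --state NEW -j LOG --log-prefix "printer-acl-out: "\n' "$CHAIN" "$PRINTER_NET"
    printf 'iptables -A %s -s %s -j DROP\n' "$CHAIN" "$PRINTER_NET"
}

# Number of rules emitted; a quick sanity check before loading.
printer_acl_rule_count() {
    printer_acl_rules | grep -c '^iptables '
}

printer_acl_rules
```

Review the printed rules, then load them with `sh script.sh | sh` on the firewall. The logged prefixes give you a ready-made detection feed: any "printer-acl-out" hit is a printer trying to talk to something it should not, which is the first thing to look for if a firmware compromise is suspected.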