Top 20 Internet security vulnerabilities (2004)

The Berkeley Internet Name Domain (BIND) package has become the worlds most widely used implementation of the Domain Name Service (DNS). DNS is a critical system that facilitates the conversion of hostnames (e.g. www.sans.org) into the corresponding registered IP address. Due to the ubiquity and critical nature of BIND, it has been made the target of frequent attack. Denial of Service (DoS) attacks, which generally result in a complete loss of naming services to Internet sites, have long plagued BIND. Various other attacks such as buffer overflows and cache poisoning have been discovered within BIND. Although the BIND development team has historically been quick to respond to and/or repair vulnerabilities, an excessive number of outdated, mis-configured and/or vulnerable servers still remain in production.