Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: BIND 8.2.2-P5 Possible DOS
From: "L. Adrian Griffis" <dt26453 () dstsystems com>
Date: Thu, 9 Nov 2000 09:40:07 -0600

On Wed, 8 Nov 2000, Jeroen Ruigrok/Asmodai wrote:

-On [20001108 19:01], Fabio Pietrosanti (naif) (fabio () TELEMAIL IT) wrote:
playing with bind and ZXFR feature ( zone transfer compressed with a
possible insecure execlp("gzip", "gzip", NULL); ), i discovered a
Denial Of Service against Bind 8.2.2-P5 .

Data points:

FreeBSD 4-STABLE and 5-CURRENT with BIND 8.2.3-T5B and T6B plus aa_patch
and the described `DoS/exploit' will not work.  The logs show that it
got a zonetransfer type which was unsupported, but the named just keeps
on ticking.

Solaris with BIND 8.2.2-p5 has no problems as well.  And I am betting
money on it that BIND 8.2.2-p5 will not fail under FreeBSD as well.

Personally I think it will not cause problems on a lot of systems, aside
from spurious log entries.

I urge you not to read too much into these data (specifically the systems
that did not crash).  Another message mentions that sometimes the daemon
operates normally for a while before it crashes.  This is very normal for
failures to check the validity of returned pointers and programming
errors that leads to overruns of allocated memory.  It may be that on the
systems that didn't crash, some damage has still been done, but the layout
of memory is such that it is less likely in this case to terminate the
program.  More importantly, this leaves open the possibility that an
exploitable bug exists, even on those platforms for which bind didn't
crash.

Adrian


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault