Home page logo

bugtraq logo Bugtraq mailing list archives

Re: fingerprinting BIND 9.1.0
From: Eric Limpens <eric () LIMPENS NET>
Date: Tue, 30 Jan 2001 20:28:32 +0100

On Mon, Jan 29, 2001 at 03:50:31PM -0800, Max Vision wrote:

The BIND 9.1.0beta releases and now BIND 9.1.0 include another hard coded
chaos record called "authors".  So now even if an admin changes or
suppresses their version reply string, a remote user can still determine
whether the server is running BIND 9.x.  With the recent discovery of the
tsig bug in BIND there will probably be a huge rise in version
queries.  Some attackers may remove ambiguity by skipping servers that
reply to authors.bind (inferring that it's bind 9.1.0 and not vulnerable).

% dig @ns.example.com authors.bind chaos txt

For the absolute paranoid (all of us I guess), this patch will disable at
least that fingerprinting.


-------->8 cut here 8<-------
--- server.c.org        Tue Jan 30 20:25:57 2001
+++ server.c    Tue Jan 30 20:23:03 2001
@@ -1667,7 +1667,7 @@
        ISC_LIST_APPEND(lctx.viewlist, view, link);
        CHECK(create_version_zone(cctx, server->zonemgr, view));
-       CHECK(create_authors_zone(server->zonemgr, view));
+/*     CHECK(create_authors_zone(server->zonemgr, view));*/
        view = NULL;
-------->8 cut here 8<-------

GIT$ d+ s+:- !a C+++ UL++++ P+++ L+++ E--- W+ N++ o K+ w--
O- M- V- PS PE Y+ PGP++ t 5 X R- tv+ b++ DI++ D
G e h+ r y?

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]