Security Incidents: Re: Continued DoS seen on BIND8.2.2p7

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

Re: Continued DoS seen on BIND8.2.2p7

From: Ryan Russell <ryan () SECURITYFOCUS COM>
Date: Sat, 3 Mar 2001 18:52:03 -0700

On Sat, 3 Mar 2001, Paul Makepeace wrote:

I was under the impression BIND8.2.2p7 was fixed re: recent DoS
exploits. I'm still seeing named die from time to time, always preceded
by the same signature:


No, not at all.  Anything before 8.2.3-REL has serious problems.  There is
an exploitable overflow in the version you're running, which if not done
just right (or if the attacker doesn't care) results in a crash (a DoS)
rather than code being pushed.  Or there may be exploits that push code
AND crash, I don't know.  You need to upgrade in any case.


Is this a new attack? I have added allow-transfer directives to
named.conf (finally :)


I don't believe that helps much.  The exploit is supposed to be possible
over UDP as well.

                                        Ryan

By Date By Thread

Current thread:

Continued DoS seen on BIND8.2.2p7 Paul Makepeace (Mar 03)
- Re: Continued DoS seen on BIND8.2.2p7 Ryan Russell (Mar 04)
  - Re: Continued DoS seen on BIND8.2.2p7 Valdis Kletnieks (Mar 04)
- Message not available
  - Re: Continued DoS seen on BIND8.2.2p7 Paul Makepeace (Mar 04)