Security Incidents: Re: Lion Worm/crew.tgz/suspect bind versions

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

Re: Lion Worm/crew.tgz/suspect bind versions

From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Tue, 27 Mar 2001 10:28:30 -0500

On Tue, 27 Mar 2001 10:10:21 +0300, Lucian Hudin said:

Bind 8.1.2 isn't vulnerable, and still widely used. Sometimes people
downgrade from 8.2.x to 8.1.2.


It isn't vulnerable to *this* bug.

Note that the TSIG bug and the recent off-by-one error were both listed
as [bug] rather than [security] in the BIND src/CHANGES file.

You might want to look at http://www.cert.org/advisories/CA-1999-14.html
and see if you can convince yourself that BIND 8.1.2 is immune to
all 6 attacks listed.

You may also want to look at
ftp://ftp.auscert.org.au/pub/auscert/advisory/AL-1999.004.dns_dos
which notes that BIND 8.2.1 requires a patch to fix another issue...

Other than all *those* problems, yes, I guess 8.1.2 *is* secure. ;)

--
                                Valdis Kletnieks
                                Operating Systems Analyst
                                Virginia Tech

Attachment: _bin
Description:

By Date By Thread

Current thread:

Re: Lion Worm/crew.tgz, (continued)
- Re: Lion Worm/crew.tgz Roberto (Mar 24)
  - Lion Worm/crew.tgz/suspect bind versions Lawrence Frewin of Accommodation.com (Mar 24)
    - Re: Lion Worm/crew.tgz/suspect bind versions Valdis Kletnieks (Mar 26)
    - Re: Lion Worm/crew.tgz/suspect bind versions Lucian Hudin (Mar 27)
    - Re: Lion Worm/crew.tgz/suspect bind versions Valdis Kletnieks (Mar 27)