|
Security Incidents
mailing list archives
Re: Bind 9.2.X exploit???
From: Alexandru Balan <jay () iNES RO>
Date: 26 Jul 2002 13:19:29 +0300
i asked the guy for the exploit, ran it. and it seems to fork in
background and afterwards it starts flooding with UDP packets
161.69.3.150 ;P not nice, not nice at all
On Thu, 2002-07-25 at 04:05, ilker güvercin wrote:
I found a tool on my compramised machine called
bind9 and the source code is still there.
its made by team teso bind9 Exploit by by scut of
teso [http://teso.scene.at/]...
Usage: ./bind remote_addr domainname target_id
Targets:
0 - Linux RedHat 6.0 (9.2.x)
1 - Linux RedHat 6.2 (9.2.x)
2 - Linux RedHat 7.2 (9.2.x)
3 - Linux Slackware 8.0 (9.2.x)
4 - Linux Debian (all) (9.2.x)
5 - FreeBSD 3.4 (8.2.x)
6 - FreeBSD 3.5 (8.2.x)
7 - FreeBSD 4.x (8.2.x)
Example usage:
$ host -t ns domain.com
domain.com name server dns1.domain.com
$ ./bind9 dns1.domain.com domain.com 0
[..expl output..]
I didnt test it; its workin or not.
Anybody have knowlegde about this.Sorry for my
poor english:)
if anyone wanna test it I can send the source code.
holy () linuxmail org
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
--
Jay
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
 By Date 
By Thread
Current thread:
- Re: Bind 9.2.X exploit???, (continued)
- Re: Bind 9.2.X exploit??? Alexandru Balan (Jul 26)
- Re: Bind 9.2.X exploit??? Muhammad Faisal Rauf Danka (Jul 25)
| 
Intro
