[18900] in bugtraq
Re: fingerprinting BIND 9.1.0
daemon@ATHENA.MIT.EDU (Eric Limpens)
Tue Jan 30 22:10:04 2001
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Message-ID: <20010130202832.A23363@limpens.net>
Date: Tue, 30 Jan 2001 20:28:32 +0100
Reply-To: Eric Limpens <eric@LIMPENS.NET>
From: Eric Limpens <eric@LIMPENS.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <5.0.2.1.2.20010129125423.00a7f990@127.0.0.01>; from
vision@WHITEHATS.COM on Mon, Jan 29, 2001 at 03:50:31PM -0800
On Mon, Jan 29, 2001 at 03:50:31PM -0800, Max Vision wrote:
> Hi,
>
> The BIND 9.1.0beta releases and now BIND 9.1.0 include another hard coded
> chaos record called "authors". So now even if an admin changes or
> suppresses their version reply string, a remote user can still determine
> whether the server is running BIND 9.x. With the recent discovery of the
> tsig bug in BIND there will probably be a huge rise in version
> queries. Some attackers may remove ambiguity by skipping servers that
> reply to authors.bind (inferring that it's bind 9.1.0 and not vulnerable).
>
> % dig @ns.example.com authors.bind chaos txt
>
For the absolute paranoid (all of us I guess), this patch will disable at
least that fingerprinting.
Eric
-------->8 cut here 8<-------
--- server.c.org Tue Jan 30 20:25:57 2001
+++ server.c Tue Jan 30 20:23:03 2001
@@ -1667,7 +1667,7 @@
CHECK(create_bind_view(&view));
ISC_LIST_APPEND(lctx.viewlist, view, link);
CHECK(create_version_zone(cctx, server->zonemgr, view));
- CHECK(create_authors_zone(server->zonemgr, view));
+/* CHECK(create_authors_zone(server->zonemgr, view));*/
dns_view_freeze(view);
view = NULL;
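Review bot: commenting out the `CHECK(create_authors_zone(server->zonemgr, view));` call leaves dead code with no record of why the authors zone is being dropped; delete the line instead and put a one-line comment in its place stating the intent (do not create the hard-coded authors.bind CHAOS zone), or gate the call behind a named.conf option so the change is documented and survives the next merge of server.c rather than being silently reintroduced. Two smaller points: if `create_authors_zone` is a file-local function, removing its only caller will trigger an unused-function warning with -Wall and the function should go too; and the `server.c.org` header carries a later timestamp (20:25:57) than the modified `server.c` (20:23:03), which suggests the backup was copied after editing, so the diff direction is worth double-checking even though the `-`/`+` lines read correctly here.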
-------->8 cut here 8<-------
--
GIT$ d+ s+:- !a C+++ UL++++ P+++ L+++ E--- W+ N++ o K+ w--
O- M- V- PS PE Y+ PGP++ t 5 X R- tv+ b++ DI++ D
G e h+ r y?
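The thread's `dig @ns.example.com authors.bind chaos txt` check, as an added example that is not code from this post or from BIND: an administrator who has applied a patch like the one above will want to confirm from a live reply or a packet capture that their own server no longer hands out the authors.bind record. The script builds the same CHAOS-class TXT query dig sends, parses the reply at wire level, and reports the rcode and any TXT strings returned. The two embedded replies are constructed, not captured; the author strings are placeholders, and the REFUSED rcode for the patched server is an assumption about what a server without that zone answers. `query_live` is only for servers you administer.

```python
"""Parse a CHAOS TXT reply and report whether authors.bind is still served.

Added example for this bugtraq thread; not code from the post or from BIND.
Sample replies below are constructed, not captured from a real server.
"""
import socket
import struct

CLASS_CH = 3      # CHAOS class, used by BIND for version.bind / authors.bind
TYPE_TXT = 16
RCODE_NAMES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL",
               3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}


def encode_name(name: str) -> bytes:
    """Encode a dotted name into DNS label wire format (no compression)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_chaos_txt_query(name: str, txid: int = 0x1234) -> bytes:
    """Build the CHAOS-class TXT query that `dig <name> chaos txt` sends."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    return header + encode_name(name) + struct.pack("!HH", TYPE_TXT, CLASS_CH)


def _read_name(msg: bytes, off: int):
    """Read a possibly compressed name; return (name, offset after it)."""
    labels, jumped, end = [], False, off
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                       # compression pointer
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2
            jumped, off = True, ptr
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if jumped else off)


def parse_txt_answer(msg: bytes) -> dict:
    """Return the reply's rcode name and every CHAOS TXT string in the answer section."""
    _txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                                 # skip the question section
        _, off = _read_name(msg, off)
        off += 4                                        # qtype + qclass
    strings = []
    for _ in range(an):
        _, off = _read_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata, off = msg[off:off + rdlen], off + rdlen
        if rtype == TYPE_TXT and rclass == CLASS_CH:
            p = 0
            while p < len(rdata):                       # TXT rdata is <len><chars>...
                n = rdata[p]
                strings.append(rdata[p + 1:p + 1 + n].decode("ascii", "replace"))
                p += 1 + n
    return {"rcode": RCODE_NAMES.get(flags & 0xF, str(flags & 0xF)), "txt": strings}


def authors_record_exposed(response: bytes) -> bool:
    """True when the reply carries CHAOS TXT data, i.e. the zone is still served."""
    return len(parse_txt_answer(response)["txt"]) > 0


# Constructed sample replies (placeholder author strings, not real BIND output).
QUERY = build_chaos_txt_query("authors.bind")
_QSECTION = QUERY[12:]


def _answer_rr(txt: str) -> bytes:
    rdata = bytes([len(txt)]) + txt.encode("ascii")
    # 0xC00C: compression pointer back to the question name at offset 12
    return b"\xc0\x0c" + struct.pack("!HHIH", TYPE_TXT, CLASS_CH, 0, len(rdata)) + rdata


# Unpatched server: NOERROR with two TXT answers.
EXPOSED_REPLY = (struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 2, 0, 0) + _QSECTION
                 + _answer_rr("Constructed Author One") + _answer_rr("Constructed Author Two"))
# Patched server: no authors zone; REFUSED with an empty answer section is assumed here.
PATCHED_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8185, 1, 0, 0, 0) + _QSECTION


def query_live(server: str, name: str = "authors.bind", timeout: float = 2.0) -> bytes:
    """Send the query over UDP to a server you administer and return the raw reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_chaos_txt_query(name), (server, 53))
        return s.recv(4096)


if __name__ == "__main__":
    for label, reply in (("unpatched", EXPOSED_REPLY), ("patched", PATCHED_REPLY)):
        state = "exposed" if authors_record_exposed(reply) else "suppressed"
        print(label, parse_txt_answer(reply), state)
```

Run it as-is to see both constructed cases, or feed `query_live("<your-server-ip>")` into `parse_txt_answer` to check a server you run; version.bind can be checked the same way by changing the name argument.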