[17571] in bugtraq
Re: BIND 8.2.2-P5 Possible DOS
daemon@ATHENA.MIT.EDU (Jeroen Ruigrok/Asmodai)
Thu Nov 9 02:49:34 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Message-ID: <20001108215951.A53141@daemon.ninth-circle.org>
Date: Wed, 8 Nov 2000 21:59:51 +0100
Reply-To: Jeroen Ruigrok/Asmodai <asmodai@FREEBSD.ORG>
From: Jeroen Ruigrok/Asmodai <asmodai@FREEBSD.ORG>
X-To: naif@inet.it
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.LNX.4.30.0011071339510.29294-100000@naif.inet.it>; from
fabio@TELEMAIL.IT on Tue, Nov 07, 2000 at 01:40:49PM +0100
-On [20001108 19:01], Fabio Pietrosanti (naif) (fabio@TELEMAIL.IT) wrote:
>playing with bind and ZXFR feature ( zone transfer compressed with a
>possible insecure execlp("gzip", "gzip", NULL); ), i discovered a
>Denial Of Service against Bind 8.2.2-P5 .
Data points:
FreeBSD 4-STABLE and 5-CURRENT with BIND 8.2.3-T5B and T6B plus aa_patch
and the described `DoS/exploit' will not work. The logs show that it
got a zonetransfer type which was unsupported, but the named just keeps
on ticking.
Solaris with BIND 8.2.2-p5 has no problems as well. And I am betting
money on it that BIND 8.2.2-p5 will not fail under FreeBSD as well.
Personally I think it will not cause problems on a lot of systems, aside
from spurious log entries.
However, there is always a chance of DoS'ing a nameserver with
zonetransfers. But that falls outside the reported scope of the
mentioned special DoS/exploit using ZXFR's in conjunction with BIND.
--
Jeroen Ruigrok vd Werven/Asmodai asmodai@[wxs.nl|bart.nl|freebsd.org]
Documentation nutter/C-rated Coder BSD: Technical excellence at its best
The BSD Programmer's Documentation Project <http://home.wxs.nl/~asmodai>
The fragrance always stays in the hand that gives the rose...