[17571] in bugtraq


Re: BIND 8.2.2-P5 Possible DOS

daemon@ATHENA.MIT.EDU (Jeroen Ruigrok/Asmodai)
Thu Nov 9 02:49:34 2000

Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Message-ID:  <20001108215951.A53141@daemon.ninth-circle.org>
Date:         Wed, 8 Nov 2000 21:59:51 +0100
Reply-To: Jeroen Ruigrok/Asmodai <asmodai@FREEBSD.ORG>
From: Jeroen Ruigrok/Asmodai <asmodai@FREEBSD.ORG>
X-To:         naif@inet.it
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <Pine.LNX.4.30.0011071339510.29294-100000@naif.inet.it>; from
              fabio@TELEMAIL.IT on Tue, Nov 07, 2000 at 01:40:49PM +0100

-On [20001108 19:01], Fabio Pietrosanti (naif) (fabio@TELEMAIL.IT) wrote:
>Playing with bind and ZXFR feature (zone transfer compressed with a
>possible insecure execlp("gzip", "gzip", NULL);), I discovered a
>Denial Of Service against Bind 8.2.2-P5.

Data points:

FreeBSD 4-STABLE and 5-CURRENT with BIND 8.2.3-T5B and T6B plus aa_patch
and the described `DoS/exploit' will not work.  The logs show that it
got a zonetransfer type which was unsupported, but the named just keeps
on ticking.

Solaris with BIND 8.2.2-p5 has no problems either.  And I am betting
money that BIND 8.2.2-p5 will not fail under FreeBSD either.

Personally I think it will not cause problems on a lot of systems, aside
from spurious log entries.

However, there is always a chance of DoS'ing a nameserver with
zonetransfers.  But that falls outside the reported scope of the
mentioned special DoS/exploit using ZXFR's in conjunction with BIND.

--
Jeroen Ruigrok vd Werven/Asmodai    asmodai@[wxs.nl|bart.nl|freebsd.org]
Documentation nutter/C-rated Coder BSD: Technical excellence at its best
The BSD Programmer's Documentation Project <http://home.wxs.nl/~asmodai>
The fragrance always stays in the hand that gives the rose...
