[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Re: approved AXFR
- Subject: Re: [cobalt-security] Re: approved AXFR
- From: "Gareth Bromley" <gbromley@xxxxxxxxxxx>
- Date: Wed, 30 Jan 2002 09:14:50 -0000
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
>How they use AXFR transfers to get access I don’t now? But the transfers
>started a few days before the hackers gain access.
Many ways. The most likely would be one of the following:
ISC host Remote Buffer Overflow Vulnerability -
http://www.securityfocus.com/cgi-bin/vulns-item.pl?section=discussion&id=188
7
Multiple Vendor BIND (NXT Overflow & Denial of Service) Vulnerabilities
http://www.securityfocus.com/cgi-bin/vulns-item.pl?section=discussion&id=788
ISC BIND Internal Memory Disclosure Vulnerability -
http://www.securityfocus.com/cgi-bin/vulns-item.pl?section=discussion&id=232
1
Multiple Vendor BIND iquery buffer overflow Vulnerability -
http://www.securityfocus.com/cgi-bin/vulns-item.pl?section=discussion&id=134
Ways to discourage/prevent this behaviour are:
- Use of ACLs to restrict queries/transfers (if the GUI doesn't cause
problems ;) )
- Hide the version of bind in use by version "Whatever you like here"; in
the options section of named.conf
- Latest versions etc..
Enjoy,
--Gareth