
Re: [cobalt-security] Re: approved AXFR



>How they use AXFR transfers to get access I don’t know? But the transfers
>started a few days before the hackers gained access.

Many ways. The most likely would be one of the following:
ISC host Remote Buffer Overflow Vulnerability -
http://www.securityfocus.com/cgi-bin/vulns-item.pl?section=discussion&id=1887
Multiple Vendor BIND (NXT Overflow & Denial of Service) Vulnerabilities
http://www.securityfocus.com/cgi-bin/vulns-item.pl?section=discussion&id=788
ISC BIND Internal Memory Disclosure Vulnerability -
http://www.securityfocus.com/cgi-bin/vulns-item.pl?section=discussion&id=2321
Multiple Vendor BIND iquery buffer overflow Vulnerability -
http://www.securityfocus.com/cgi-bin/vulns-item.pl?section=discussion&id=134

Ways to discourage/prevent this behaviour are:
- Use of ACLs to restrict queries/transfers (if the GUI doesn't cause
problems ;) )
- Hide the version of bind in use by version "Whatever you like here"; in
the options section of named.conf
- Latest versions etc..

Enjoy,

--Gareth
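
The ACL and version-hiding suggestions in the message above, written out as a named.conf fragment. This is an added example, not part of the original message; the ACL names, addresses (documentation ranges), zone name and file names are constructed placeholders.

```conf
// Constructed example: addresses are from documentation ranges,
// zone and file names are placeholders.

// Hosts allowed to pull zone transfers (the secondaries only).
acl xfer_secondaries {
    192.0.2.53;
    198.51.100.53;
};

// Networks allowed to use this server for recursion.
acl internal_clients {
    10.0.0.0/8;
    localhost;
};

options {
    directory "/var/named";

    // Weak: allow-transfer { any; };  (hands the full zone to anyone who asks)
    allow-transfer { none; };          // deny AXFR unless a zone overrides it

    // Authoritative answers stay public; recursion is limited to internal clients.
    allow-query     { any; };
    allow-recursion { internal_clients; };

    // Replaces the real version string in replies to version.bind CHAOS TXT queries.
    version "Whatever you like here";
};

zone "example.com" {
    type master;
    file "db.example.com";
    // Per-zone override: only the listed secondaries may transfer this zone.
    allow-transfer { xfer_secondaries; };
};
```

Running named-checkconf on the file catches syntax errors before a reload. Hiding the version string only removes an easy fingerprint, so it complements the "latest versions" item rather than replacing it.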