Re: BIND 8.2.2-P5 Possible DOS

[Jeroen Ruigrok/Asmodai <asmodai () FREEBSD ORG>]

-On [20001108 19:01], Fabio Pietrosanti (naif) (fabio () TELEMAIL IT) wrote:
> playing with bind and ZXFR feature ( zone transfer compressed with a
> possible insecure execlp("gzip", "gzip", NULL); ), i discovered a
> Denial Of Service against Bind 8.2.2-P5 .

Data points:

FreeBSD 4-STABLE and 5-CURRENT with BIND 8.2.3-T5B and T6B plus aa_patch
and the described `DoS/exploit' will not work.  The logs show that it
got a zonetransfer type which was unsupported, but the named just keeps
on ticking.

Solaris with BIND 8.2.2-p5 has no problems as well.  And I am betting
money on it that BIND 8.2.2-p5 will not fail under FreeBSD as well.

Personally I think it will not cause problems on a lot of systems, aside
from spurious log entries.

However, there is always a chance of DoS'ing a nameserver with
zonetransfers.  But that falls outside the reported scope of the
mentioned special DoS/exploit using ZXFR's in conjunction with BIND.

--
Jeroen Ruigrok vd Werven/Asmodai    asmodai@[wxs.nl|bart.nl|freebsd.org]
Documentation nutter/C-rated Coder BSD: Technical excellence at its best
The BSD Programmer's Documentation Project <http://home.wxs.nl/~asmodai>
The fragrance always stays in the hand that gives the rose...