Bugtraq mailing list archives
Re: fingerprinting BIND 9.1.0
From: Eric Limpens <eric () LIMPENS NET>
Date: Tue, 30 Jan 2001 20:28:32 +0100
On Mon, Jan 29, 2001 at 03:50:31PM -0800, Max Vision wrote:
Hi,

The BIND 9.1.0beta releases and now BIND 9.1.0 include another hard coded chaos record called "authors". So now even if an admin changes or suppresses their version reply string, a remote user can still determine whether the server is running BIND 9.x. With the recent discovery of the tsig bug in BIND there will probably be a huge rise in version queries. Some attackers may remove ambiguity by skipping servers that reply to authors.bind (inferring that it's bind 9.1.0 and not vulnerable).

% dig @ns.example.com authors.bind chaos txt

For the absolute paranoid (all of us I guess), this patch will disable at least that fingerprinting. Eric -------->8 cut here 8<------- --- server.c.org Tue Jan 30 20:25:57 2001 +++ server.c Tue Jan 30 20:23:03 2001 @@ -1667,7 +1667,7 @@ CHECK(create_bind_view(&view)); ISC_LIST_APPEND(lctx.viewlist, view, link); CHECK(create_version_zone(cctx, server->zonemgr, view)); - CHECK(create_authors_zone(server->zonemgr, view)); +/* CHECK(create_authors_zone(server->zonemgr, view));*/ dns_view_freeze(view); view = NULL; -------->8 cut here 8<------- -- GIT$ d+ s+:- !a C+++ UL++++ P+++ L+++ E--- W+ N++ o K+ w-- O- M- V- PS PE Y+ PGP++ t 5 X R- tv+ b++ DI++ D G e h+ r y?
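
Review bot: The replacement line comments out CHECK(create_authors_zone(server->zonemgr, view)) in place, starting at column 0 and with no explanation, which leaves dead code in server.c that a later reader cannot tell apart from an accident. Either delete the line or wrap it in a named compile-time guard (for example a hypothetical DISABLE_AUTHORS_ZONE macro) with a one-line comment saying it suppresses the authors.bind CHAOS record. The CHECK(create_version_zone(cctx, server->zonemgr, view)) line directly above is unchanged context, so the view from create_bind_view() still gets its version zone; this hunk covers only the authors record, and the version reply has to be handled separately.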