Full Disclosure mailing list archives
Re: THISISNOTMYEXPLOIT
From: taha <tahacalypse () gmail com>
Date: Mon, 3 Aug 2009 17:49:47 +0200
On Sat, Aug 1, 2009 at 3:25 PM, yersinia <yersinia.spiros () gmail com> wrote:
On Fri, Jul 31, 2009 at 5:58 PM, Kingcope<kcope2 () googlemail com> wrote:Hello people, Yes there is a warning when the PoC is compiled. But I guess that is not a big issue.No, problem. It is only necessary to include stdlib.h because malloc is implicitily defined (gcc complaint). Anyway, your POC work as aspected. Thanks. In this days it is difficult to see a true exploit in a mailing list. The fact that bug was discovered from someone else is not important : you have rewritten in another language, so it is only your work. RegardsSo about what PoC am I talking about? It seems that the moderator of bugtraq keeps blocking me because of fancy headlines maybe. The moderator of bugtraq blocked the actual exploit butletthe following messages slip through. The PoC is on milw0rm.com and full disclosure. Thanks for clarifying the issue with the zones, I really have not a 100% understanding of the DNS protocol therefore I took a guess on my named.conf file andput theaddress into the PoC. Thanks for your time, Kingcope 2009/7/31 yersinia <yersinia.spiros () gmail com>:Repost for mailing problem. On Fri, Jul 31, 2009 at 12:14 AM, yersinia <yersinia.spiros () gmail com>wrote:On Thu, Jul 30, 2009 at 1:24 PM, Kingcope <kcope2 () googlemail com>wrote:Hello again, the default setting of 127.in-addr.arpa is a bit weird try ./bind <ip> localhostNever mind. I have only a warning from gcc because it was necessary toinclude stdlib.h for malloc.But, the important thing is that it works as aspected. Regardslewls XD kcope
Hello all, By reading the US-CERT vulnerability issue (CVE-2009-0696) I found this : "The vulnerability affects all servers that are masters for one or more zones and is not limited to those that are configured to allow dynamic updates ". I have some Infoblox master DNS servers with not-allowed dynamic updates, so I'm wondering if they are vulnerable to this attack and if somebody test this PoC on a DNS server which not allow dynamic updates? What is the comportement in this case? Thanks for the help, -- taha
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: THISISNOTMYEXPLOIT yersinia (Aug 01)
- Re: THISISNOTMYEXPLOIT taha (Aug 03)
- Re: THISISNOTMYEXPLOIT yersinia (Aug 03)
- Re: THISISNOTMYEXPLOIT taha (Aug 03)