Security Incidents mailing list archives
Re: BIND 8.2.2.-P3, 0-day exploit
From: ident () LINEONE NET (Stone)
Date: Wed, 26 Apr 2000 13:35:49 +0100
On Sat, Apr 22, 2000 at 12:58:15PM +0200, Patrick Oonk wrote:

Hi, I hear many people about being rooted with a hole in BIND 8.2.2-P3 (most of them Linux boxes). So what is going on? Is there some 0-day exploit doing rounds?

Actually, I think only BIND 8.2.2-p5 is safe (?). And remember _don't_ run it as root and chroot it if you can.
Would it not be a good idea to alter the response of the version number in bind also? At least this would prevent mass exploit scanners detecting vulnerable versions. Here is the config for doing this in Bind 8:

    options {
        directory "/var/named";
        version "[Secured]";
    };

This would cause your system to reply with [Secured] to a dig/nslookup version request to your box.

Chris Hearn - chris.hearn () btinternet com
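The dig/nslookup version request mentioned in the message above, as an added example that is not part of the original post: it builds the CHAOS-class TXT question for version.bind, parses the TXT answer, and flags a banner that still shows a release number. All function names are hypothetical, the reply is a constructed sample rather than captured traffic, and a well-formed reply is assumed.

```python
import re
import struct

CH, TXT = 3, 16  # DNS class CHAOS, record type TXT

def build_version_query(txid=0x1234):
    """One CH/TXT question for version.bind, as a dig version request asks."""
    name = b"".join(bytes([len(p)]) + p for p in (b"version", b"bind")) + b"\x00"
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)
    return header + name + struct.pack("!HH", TXT, CH)

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) DNS name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:  # two-byte compression pointer ends the name
            return off + 2
        off += 1 + n

def parse_version_reply(msg):
    """Return the first CH/TXT answer's text, or None if there is none."""
    _, _, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # name, then qtype and qclass
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, rclass, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == TXT and rclass == CH:
            rdata, parts, i = msg[off:off + rdlen], [], 0
            while i < len(rdata):  # TXT rdata is length-prefixed strings
                parts.append(rdata[i + 1:i + 1 + rdata[i]])
                i += 1 + rdata[i]
            return b"".join(parts).decode("ascii", "replace")
        off += rdlen
    return None

def discloses_version(banner):
    """True if the banner still contains a release number such as 8.2.2-P3."""
    return banner is not None and re.search(r"\d+\.\d+", banner) is not None

def make_reply(query, banner):
    """Constructed sample reply (not captured traffic) for offline checks."""
    hdr = query[:2] + struct.pack("!HHHHH", 0x8400, 1, 1, 0, 0)
    rdata = bytes([len(banner)]) + banner.encode("ascii")
    rr = b"\xc0\x0c" + struct.pack("!HHIH", TXT, CH, 0, len(rdata)) + rdata
    return hdr + query[12:] + rr
```

Sending the query over UDP port 53 to a name server you operate and passing the reply to parse_version_reply yields the same string dig prints. Changing the banner does not change the server's patch level.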