Security Incidents mailing list archives
Re: Bind compromise
From: Antonio Carlos Pina <apina () infolink com br>
Date: Wed, 21 Feb 2001 11:28:11 -0300
Jason,

I haven't seen any Bind 8.2.3-REL exploit yet, but I DID see an 8.2.2 box rooted (t0rnkit) with NDC STATUS reporting "8.2.3-REL".

The customer told me "Nobody did the upgrade, we're pretty sure" and I believe them because there's only one linux-man there and he is on vacation.

Unfortunately, I couldn't investigate more, but there's a real possibility that this kit has upgraded bind or at least tried to fool them, changing strings(?).

Best Regards,
Cordially,

Antonio Carlos Pina
Technology Director
INFOLINK Internet
http://www.infolink.com.br

----- Original Message -----
From: "Jason Lewis" <jlewis () JASONLEWIS NET>
To: <INCIDENTS () SECURITYFOCUS COM>
Sent: Tuesday, February 20, 2001 8:56 PM
Subject: Re: Bind compromise

Is there an exploit for 8.2.3-REL? What else was running on this box? ftpd? What version of SSH?

I am rolling out two new name servers and I would rather not roll out something with holes.

What kind of options are you using in the named.conf? Is it secure?

jas
http://www.rivalpath.com