Security Incidents mailing list archives

Re: Continued DoS seen on BIND8.2.2p7

From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Sun, 4 Mar 2001 11:36:13 -0500

On Sat, 03 Mar 2001 18:52:03 MST, Ryan Russell <ryan () SECURITYFOCUS COM>  said:

I don't believe that helps much.  The exploit is supposed to be possible
over UDP as well.


Note the exploit works over UDP, and *EVEN IF* you have 'allow-query'
restrictions in place that would block an actual query from the site.
The TSIG checking code is called *before* the allow-query ACL's are
checked.

                                Valdis Kletnieks
                                Operating Systems Analyst
                                Virginia Tech

Current thread:

Continued DoS seen on BIND8.2.2p7 Paul Makepeace (Mar 03)
- Re: Continued DoS seen on BIND8.2.2p7 Ryan Russell (Mar 04)
  - Re: Continued DoS seen on BIND8.2.2p7 Valdis Kletnieks (Mar 04)
- Message not available
  - Re: Continued DoS seen on BIND8.2.2p7 Paul Makepeace (Mar 04)