Vulnerability Development mailing list archives
Re: BEWARE : Possible compromission under BIND 8.2.2-P5 withIqueryprobe
From: Lord Soth <hydrax () NETVISION NET IL>
Date: Tue, 27 Mar 2001 03:51:05 +0200
Well, if named prints a "Port in use" error, then it is clearly not using that socket option for port reusing. After all, it's not mandatory :-) LS Ryan Sweat wrote:
I'm not sure of the technicalities of it, but I have seen it. Let me correct myself here. When named is exploited, and a user starts a background process while in the "exploit terminal", after logging out port 53 will remain open and lsof shows it being owned by the corresponding background process. When named is attempted to restart, it will give an error stating that the "Port is in use" and the interface gets deleted (named ceases to listen on that port). I cannot explain this behaviour, maybe somone else on the list has more experience. -Ryan
Current thread:
- Re: BEWARE : Possible compromission under BIND 8.2.2-P5 with Iquery probe Pasquale Mauro Minervini (Mar 25)
- Re: BEWARE : Possible compromission under BIND 8.2.2-P5 with Iquery probe Ryan Sweat (Mar 25)
- Re: BEWARE : Possible compromission under BIND 8.2.2-P5 withIquery probe Lord Soth (Mar 28)
- Re: BEWARE : Possible compromission under BIND 8.2.2-P5 withIquery probe Ryan Sweat (Mar 28)
- Re: BEWARE : Possible compromission under BIND 8.2.2-P5 withIqueryprobe Lord Soth (Mar 28)
- Re: BEWARE : Possible compromission under BIND 8.2.2-P5 withIquery probe olle (Mar 28)
- Re: BEWARE : Possible compromission under BIND 8.2.2-P5 withIquery probe warning3 (Mar 29)
- Re: BEWARE : Possible compromission under BIND 8.2.2-P5 withIquery probe Lord Soth (Mar 28)
- Re: BEWARE : Possible compromission under BIND 8.2.2-P5 with Iquery probe Ryan Sweat (Mar 25)