Bugtraq mailing list archives
BIND Nuking
From: MoNoLiTH+ () CMU EDU (Aveek Datta)
Date: Fri, 25 Jul 1997 00:49:45 -0400
This was sent to me by my nameserver administrator. Credit goes to him, listed below. ============================ This little script "bind_nuke" : --------------------------------------------------> #!/bin/bash echo 'bind_nuke (c) Artur Skawina skawina () usa net' nsupdate <<END update delete x.$1 A update add x.$1 60 IN A 3.2.3.6 update delete x.$1 A END <-------------------------------------------------- when executed as "bind_nuke bogus.org" on a host, that bogus.org's primary NS is configured to accept updates from, will cause named to silently die. Nothing in the logs, nothing on the console. After a number of similar packets has been received by named any subsequent attempt to run it will only result in a Segmentation Fault. [and there's "spoofing"...] The problem seems to be that bind can not handle updating the same RR more than once in the same DNS packet. And as it saves the update requests in the <zone>.log file and attempts to perform the updates again when restarted, the bug is triggered again... The bug is present in both bind8.1 and bind8.1.1. With bind8.1 one such DU packet was enough to prevent named from runing, until the /var/named/pri/<zone>.log file was removed/edited. Bind 8.1.1 needs a few packets (but usually <=3) before this happens (named still dies after only one packet, but it is sometimes possible to restart it w/o any immediate errors/warnings). Network Administrator, Monolith Internet Services [TM] _ _ _ _ Aveek SysAdmin, Carnegie Mellon Univ ITC _ __ ___ _ _ ___| (_) |_| |_Datta Personal Website @ datta.ml.org _| ' \/ _ \ ' \/ _ \ | | _| ' \ _ All opinions are ONLY mine. (_)_|_|_\___/_||_\___/_|_|\__|_||_(_) [Get a free domain for your website or machine at http://www.ml.org]
Current thread:
- Re: CPSR 7: IRIX WWW Server Thomas Walter (Jul 24)
- Re: CPSR 7: IRIX WWW Server Aaron Bornstein (Jul 24)
- Security hole in mgetty+sendfax Gert Doering (Jul 24)
- BIND Nuking Aveek Datta (Jul 24)
- Re: BIND Nuking Thomas H. Ptacek (Jul 29)
- ANNOUNCE: inn-1.5.1sec (fwd) Christopher Samuel (Jul 30)
- Re: Security hole in mgetty+sendfax Gert Doering (Jul 25)
- BIND Nuking Nicolas Dubee (Jul 25)
- Re: your mail Ariel Biener (Jul 25)
- Re: request-route Zoltan Hidvegi (Jul 28)
- Re: request-route Eric Bennett (Jul 29)
- Re: request-route John Macdonald (Jul 29)
- Re: request-route Kragen Sitaker (Jul 30)
- Re: request-route John Macdonald (Jul 31)
- BIND Nuking Aveek Datta (Jul 24)