Full Disclosure mailing list archives

Re: bind9 remote vulnerability, possibly exploitable - vendor unresponsive :~~~<


From: Mark Andrews <Mark_Andrews () isc org>
Date: Tue, 04 Sep 2007 10:52:47 +1000

From: herbietwink whatsitworth2ya <herbietwink_at_gmail.com>
Date: Sat, 25 Aug 2007 04:38:27 +1000

..#@1 [x] \\\\\\\\\/\/3ZTc04ztC00ol3Rcr3w @#@#$@#$ .[x].

if ur queer and ur not sure u know it - clap ur handz
is what i'd say

if i had immunity shaved in the back if my head
..and i was undecided as to whether i wanted to sink the pink or the brown
....itz ok i hire young euro entourage boys at a bargin price

WC crU ready to drop some threatc0n5 shit more serious then a gadi evron
threat at defcon presentation * 5
cuntz g0t right amougzt it rem0te shell bind9 r00ter, uneed more inf0? read
the c0de n00b lololol

pr0pz 2 mixt3r foundin father of int33ger skullduggry

READY
&
GO @#$$%

struct dns_rdata {
    unsigned char * data;
    int length;
    dns_rdataclass_t rdclass;
    dns_rdatatype_t type;
    int flags;
    ISC_LINK(dns_rdata_t) link;
};

        I say, "Never let reality get in the way of a good story ..."
        except people actually believed this load of rubbish.

        Well rdata->length is (unsigned int) as is tr.length.

1.1          (halley   16-Dec-98): struct dns_rdata {
1.4          (halley   13-Jan-99):      unsigned char *                 data;
1.4          (halley   13-Jan-99):      unsigned int                    length;
1.19         (halley   02-Aug-99):      dns_rdataclass_t                rdclass;
1.4          (halley   13-Jan-99):      dns_rdatatype_t                 type;
1.42         (marka    19-Oct-00):      unsigned int                    flags;
1.4          (halley   13-Jan-99):      ISC_LINK(dns_rdata_t)           link;
1.4          (halley   13-Jan-99): };

        and as it was in version 1.1

/*
 * Clients are strongly discouraged from using this type directly.
 */
struct dns_rdata {
        unsigned char *data;
        unsigned int length;
        dns_rdataclass_t class;
        dns_rdatatype_t type;
        /*
         * XXX should rdata be linkable (i.e. as in <isc/list.h>) to make
         * rdata lists easy?
         */
};

        Mark

        P.S.  If he had actually reported it to us (ISC) it would
        have reached my mailbox by one path or another as we don't
        let reports of security vulnerabilities go unexamined.

        Yes. I am the lead Engineer on BIND 9.

isc_result_t
dns_rdata_towire(dns_rdata_t *rdata, dns_compress_t *cctx,
         isc_buffer_t *target)
{
    isc_result_t result = ISC_R_NOTIMPLEMENTED;
    isc_boolean_t use_default = ISC_FALSE;
    isc_region_t tr;
    isc_buffer_t st;

    REQUIRE(rdata != NULL);
    REQUIRE(DNS_RDATA_VALIDFLAGS(rdata));

    /*
     * Some DynDNS meta-RRs have empty rdata.
     */
    if ((rdata->flags & DNS_RDATA_UPDATE) != 0) {
        INSIST(rdata->length == 0);
        return (ISC_R_SUCCESS);
    }

    st = *target;

    TOWIRESWITCH

    if (use_default) {
        isc_buffer_availableregion(target, &tr);
        if (tr.length < rdata->length)
            return (ISC_R_NOSPACE);
        memcpy(tr.base, rdata->data, rdata->length);
        isc_buffer_add(target, rdata->length);
        return (ISC_R_SUCCESS);
    }
    if (result != ISC_R_SUCCESS) {
        *target = st;
        INSIST(target->used < 65536);
        dns_compress_rollback(cctx, (isc_uint16_t)target->used);
    }
    return (result);
}

bigup2 Lam3rZ's see u at nonamecon

Herbert Twinkleworth
Information Security Interest Group - NZ
-- 
Mark Andrews (BE Elec), ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE:  +61 2 9871 4742                  INTERNET: Mark_Andrews () isc org

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
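The point of the exchange above is the bounds check in the default path of dns_rdata_towire(): tr.length and rdata->length are both unsigned int, so the comparison cannot be sidestepped by a sign trick. The following is an added, constructed model of that path (not ISC's code); the isc_buffer_t, isc_region_t and dns_rdata_t shapes and the result codes are simplified assumptions, kept only as far as the check needs them.

```c
/* Constructed model of the default path of dns_rdata_towire(); not BIND code.
 * Buffer/region/rdata types are simplified stand-ins (assumption). */
#include <stddef.h>
#include <string.h>

#define ISC_R_SUCCESS 0
#define ISC_R_NOSPACE 1   /* placeholder value, not ISC's real result code */

typedef struct {
    unsigned char *base;
    unsigned int length;  /* total capacity of the buffer */
    unsigned int used;    /* bytes already written */
} isc_buffer_t;

typedef struct {
    unsigned char *base;
    unsigned int length;
} isc_region_t;

typedef struct {
    unsigned char *data;
    unsigned int length;  /* unsigned, as the real struct has been since rev 1.1 */
} dns_rdata_t;

/* Unused tail of the buffer, as isc_buffer_availableregion() reports it. */
static void buffer_available(const isc_buffer_t *b, isc_region_t *r)
{
    r->base = b->base + b->used;
    r->length = b->length - b->used;
}

/* Copy rdata verbatim onto the wire buffer if it fits, else refuse.
 * Both operands of the comparison are unsigned, so no value of
 * rdata->length can pass the check and then overrun the region. */
int rdata_towire_default(const dns_rdata_t *rdata, isc_buffer_t *target)
{
    isc_region_t tr;

    buffer_available(target, &tr);
    if (tr.length < rdata->length)
        return ISC_R_NOSPACE;
    memcpy(tr.base, rdata->data, rdata->length);
    target->used += rdata->length;   /* isc_buffer_add() */
    return ISC_R_SUCCESS;
}

/* Scenario: 6 bytes into an 8-byte buffer succeeds; a second 6 bytes
 * (only 2 left) is rejected and the buffer is left untouched.
 * Returns 1 when the model behaves that way. */
int demo_nospace_is_rejected(void)
{
    unsigned char out[8] = {0};
    unsigned char d[6] = {1, 2, 3, 4, 5, 6};   /* constructed sample rdata */
    isc_buffer_t b = { out, sizeof(out), 0 };
    dns_rdata_t r = { d, sizeof(d) };

    if (rdata_towire_default(&r, &b) != ISC_R_SUCCESS || b.used != 6)
        return 0;
    if (rdata_towire_default(&r, &b) != ISC_R_NOSPACE || b.used != 6)
        return 0;
    return memcmp(out, d, 6) == 0 && out[6] == 0 && out[7] == 0;
}
```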
