Security Incidents mailing list archives

BIND 8.2.2.-P3, 0-day exploit

From: patrick () PINE NL (Patrick Oonk)
Date: Sat, 22 Apr 2000 12:58:15 +0200


Hi,

I hear many people about being rooted with a hole
in BIND 8.2.2-P3 (most of them Linux boxes)

The ISC page states this:

'ISC's BIND 8.2.2-P5 was released on
November 12. It includes many new
features, including the security
updates from 8.2.2-P3. If you are
running a version of BIND prior to
8.2.2-P3, we strongly recommend
upgrading to correct the known
security problems. '

In other words, P3 should be safe.

So what is going on ? Is there some
0-day exploit doing rounds?

        p.

--
 Patrick Oonk -  PO1-6BONE -  patrick () pine nl -  www.pine.nl/~patrick
 Pine Internet - PAT31337-RIPE - PGP keyID BE7497F1 - XOIP 0208723350
 Tel: +31-70-3111010  -   Fax: +31-70-3111011   -  http://security.nl
 PGP   fingerprint   A6 12 66 7F 22 84 1B E5  73 8C 99 F7 17 7B A3 98
 Excuse of the day: The POP server is out of Coke

Current thread:

Re: RH6.1/IPChains box hacked, (continued)
- - - Re: RH6.1/IPChains box hacked mad () STUDENTS ZCU CZ (Apr 21)
    - Re: RH6.1/IPChains box hacked Del Elson (Apr 24)
    - Re: Rooted through in.identd on Red Hat 6.0 Cold Fire (Apr 20)
    - Re: Rooted through in.identd on Red Hat 6.0 Jose Nazario (Apr 21)
    - Re: Rooted through in.identd on Red Hat 6.0 Richard Wash (Apr 20)
    - Re: Rooted through in.identd on Red Hat 6.0 J. J. Horner (Apr 20)
    - Re: Rooted through in.identd on Red Hat 6.0 Del Elson (Apr 21)
    - Re: Rooted through in.identd on Red Hat 6.0 jms (Apr 21)
    - !!!Linux ELF infector!!! dEStr0YEr (Apr 21)
    - Re: !!!Linux ELF infector!!! John Flux (Apr 24)
    - BIND 8.2.2.-P3, 0-day exploit Patrick Oonk (Apr 22)
    - Re: BIND 8.2.2.-P3, 0-day exploit Jon Lewis (Apr 24)
    - Re: BIND 8.2.2.-P3, 0-day exploit kj (Apr 24)
    - Odd snmp scans from 10.0.0.0/8 address ??? Russell Fulton (Apr 25)
    - Re: BIND 8.2.2.-P3, 0-day exploit Stone (Apr 26)
    - Re: BIND 8.2.2.-P3, 0-day exploit Ryan Russell (Apr 27)
    - Re: BIND 8.2.2.-P3, 0-day exploit Patrick Oonk (Apr 27)
    - regulary 137 and 524 port scan Cho Yongsang (Apr 27)
    - huge scans from www.oix.com jose (Apr 28)
    - I am popular today... Dirk Koopman (Apr 28)
    - Re: I am popular today... Ryan Sweat (Apr 28)

(Thread continues...)