Security Incidents mailing list archives

Re: BIND 8.2.2.-P3, 0-day exploit

From: kj () INDIFFERENCE ORG (kj)
Date: Mon, 24 Apr 2000 16:57:44 -0700


On Sat, Apr 22, 2000 at 12:58:15PM +0200, Patrick Oonk wrote:

Hi,

I hear many people about being rooted with a hole
in BIND 8.2.2-P3 (most of them Linux boxes)

So what is going on ? Is there some
0-day exploit doing rounds?


Actually, I think only BIND 8.2.2-p5 is safe (?).

And remember _don't_ run it as root and chroot it if you can.

K.J.

"Never argue with an idiot. He will take you down to his level, and beat
you with experience."

Current thread:

Re: Rooted through in.identd on Red Hat 6.0, (continued)
- - - Re: Rooted through in.identd on Red Hat 6.0 Cold Fire (Apr 20)
    - Re: Rooted through in.identd on Red Hat 6.0 Jose Nazario (Apr 21)
    - Re: Rooted through in.identd on Red Hat 6.0 Richard Wash (Apr 20)
    - Re: Rooted through in.identd on Red Hat 6.0 J. J. Horner (Apr 20)
    - Re: Rooted through in.identd on Red Hat 6.0 Del Elson (Apr 21)
    - Re: Rooted through in.identd on Red Hat 6.0 jms (Apr 21)
    - !!!Linux ELF infector!!! dEStr0YEr (Apr 21)
    - Re: !!!Linux ELF infector!!! John Flux (Apr 24)
    - BIND 8.2.2.-P3, 0-day exploit Patrick Oonk (Apr 22)
    - Re: BIND 8.2.2.-P3, 0-day exploit Jon Lewis (Apr 24)
    - Re: BIND 8.2.2.-P3, 0-day exploit kj (Apr 24)
    - Odd snmp scans from 10.0.0.0/8 address ??? Russell Fulton (Apr 25)
    - Re: BIND 8.2.2.-P3, 0-day exploit Stone (Apr 26)
    - Re: BIND 8.2.2.-P3, 0-day exploit Ryan Russell (Apr 27)
    - Re: BIND 8.2.2.-P3, 0-day exploit Patrick Oonk (Apr 27)
    - regulary 137 and 524 port scan Cho Yongsang (Apr 27)
    - huge scans from www.oix.com jose (Apr 28)
    - I am popular today... Dirk Koopman (Apr 28)
    - Re: I am popular today... Ryan Sweat (Apr 28)
    - Analysis: AboveNet attacks Robert Graham (Apr 28)
    - Re: I am popular today... Ville (Apr 29)

(Thread continues...)