Security Incidents mailing list archives

Re: BIND 8.2.2.-P3, 0-day exploit


From: ident () LINEONE NET (Stone)
Date: Wed, 26 Apr 2000 13:35:49 +0100


On Sat, Apr 22, 2000 at 12:58:15PM +0200, Patrick Oonk wrote:
Hi,

I hear many people about being rooted with a hole
in BIND 8.2.2-P3 (most of them Linux boxes)

So what is going on ? Is there some
0-day exploit doing rounds?


Actually, I think only BIND 8.2.2-p5 is safe (?).

And remember _don't_ run it as root and chroot it if you can.

Would it not be a good idea to alter the response of the version number
in BIND also? At least this would prevent mass exploit scanners detecting
vulnerable versions. Here is the config for doing this in BIND 8:

options {
        directory "/var/named";
        version "[Secured]";
};

This would cause your system to reply with [Secured] to a dig/nslookup
version request to your box.

Chris Hearn - chris.hearn () btinternet com
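
A check for the setting discussed in this message, as an added example that is not part of the original post: it reads named.conf text and reports whether the options block overrides the version banner. The sample configs, function names and the three result labels are constructed for illustration.

```python
import re

# Constructed sample configs (not from the original post).
SAMPLE_HIDDEN = '''
options {
        directory "/var/named";
        version "[Secured]";   // banner override
};
'''
SAMPLE_DEFAULT = '''
options {
        directory "/var/named";
        # version "[Secured]";
};
'''
SAMPLE_LEAKY = 'options { version "8.2.2-P3"; };'

def strip_comments(text):
    """Remove /* */, // and # comments, leaving quoted strings intact."""
    pattern = re.compile(r'"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
    return pattern.sub(lambda m: m.group(0) if m.group(0).startswith('"') else ' ', text)

def options_body(text):
    """Return the text inside the first options { ... } block, or None."""
    m = re.search(r'\boptions\s*\{', text)
    if not m:
        return None
    depth, in_str = 1, False
    for i in range(m.end(), len(text)):
        c = text[i]
        if c == '"' and text[i - 1] != '\\':
            in_str = not in_str
        elif not in_str and c == '{':
            depth += 1
        elif not in_str and c == '}':
            depth -= 1
            if depth == 0:
                return text[m.end():i]
    return None  # unbalanced braces

def audit_version(conf_text):
    """Classify the banner setting as 'hidden', 'default' or 'leaky'."""
    body = options_body(strip_comments(conf_text))
    m = re.search(r'\bversion\s+"((?:\\.|[^"\\])*)"\s*;', body or '')
    if not m:
        return 'default'  # no override: named answers with its real version
    # An override that still contains an x.y number tells a scanner the same thing.
    return 'leaky' if re.search(r'\d+\.\d+', m.group(1)) else 'hidden'
```

A commented-out `version` line counts as no override, which is the case a plain text search for the word would miss.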

