Security Incidents mailing list archives
Re: Continued DoS seen on BIND8.2.2p7
From: Ryan Russell <ryan () SECURITYFOCUS COM>
Date: Sat, 3 Mar 2001 18:52:03 -0700
On Sat, 3 Mar 2001, Paul Makepeace wrote:
I was under the impression BIND8.2.2p7 was fixed re: recent DoS exploits. I'm still seeing named die from time to time, always preceded by the same signature:
No, not at all. Anything before 8.2.3-REL has serious problems. There is an exploitable overflow in the version you're running, which if not done just right (or if the attacker doesn't care) results in a crash (a DoS) rather than code being pushed. Or there may be exploits that push code AND crash, I don't know. You need to upgrade in any case.
Is this a new attack? I have added allow-transfer directives to named.conf (finally :)
I don't believe that helps much. The exploit is supposed to be possible over UDP as well. Ryan
Current thread:
- Continued DoS seen on BIND8.2.2p7 Paul Makepeace (Mar 03)
- Re: Continued DoS seen on BIND8.2.2p7 Ryan Russell (Mar 04)
- Re: Continued DoS seen on BIND8.2.2p7 Valdis Kletnieks (Mar 04)
- Message not available
- Re: Continued DoS seen on BIND8.2.2p7 Paul Makepeace (Mar 04)
- Re: Continued DoS seen on BIND8.2.2p7 Ryan Russell (Mar 04)