Security Incidents mailing list archives

Re: Bind 9.2.X exploit???


From: Alexandru Balan <jay () iNES RO>
Date: 26 Jul 2002 13:19:29 +0300

I asked the guy for the exploit and ran it. It seems to fork in the
background and afterwards it starts flooding 161.69.3.150 with UDP
packets ;P Not nice, not nice at all.

On Thu, 2002-07-25 at 04:05, ilker güvercin wrote:


I found a tool on my compromised machine called
bind9, and the source code is still there.
It's made by team teso:
bind9 Exploit by by scut of teso [http://teso.scene.at/]...
Usage: ./bind remote_addr domainname target_id
Targets:
 0 - Linux RedHat 6.0 (9.2.x)
 1 - Linux RedHat 6.2 (9.2.x)
 2 - Linux RedHat 7.2 (9.2.x)
 3 - Linux Slackware 8.0 (9.2.x)
 4 - Linux Debian (all) (9.2.x)
 5 - FreeBSD 3.4 (8.2.x)
 6 - FreeBSD 3.5 (8.2.x)
 7 - FreeBSD 4.x (8.2.x)

 Example usage:
$ host -t ns domain.com
domain.com name server dns1.domain.com
$ ./bind9 dns1.domain.com domain.com 0
 [..expl output..]
I didn't test whether it's working or not.
Does anybody have knowledge about this? Sorry for my
poor English :)
If anyone wants to test it I can send the source code.
holy () linuxmail org

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com


--
Jay

