oss-sec mailing list archives
Re: debian bug report on bind9 DoS
From: Nico Golde <oss-security+ml () ngolde de>
Date: Wed, 29 Jul 2009 11:20:09 +0200
Hi, * Robert Buchholz <rbu () gentoo org> [2009-07-29 00:13]:
On Tuesday 28 July 2009, Vincent Danen wrote:I don't think it's a huge problem with a well-secured bind9 configuration, but could be quite problematic for bind config's that allow updates without an RNDC key (typical of some dynamic DNS implementations), or on a system that has lax enough permissions that the RNDC key is exposed.The crash is not limited to configurations that allow updates.
Confirmed.
The ISC advisory states so as well, and I could reproduce the DoS on a static named instance by removing the "$packet->sign_tsig(...)" line in the exploit. So the scope of this issue is wider than apparent from the original report.
Hmm I'd consider that a bug as well or is there a reason why bind shouldn't verify update's authorization before processing them? Cheers Nico -- Nico Golde - http://www.ngolde.de - nion () jabber ccc de - GPG: 0xA0A0AAAA For security reasons, all text in this mail is double-rot13 encrypted.
Attachment:
_bin
Description:
Current thread:
- debian bug report on bind9 DoS Vincent Danen (Jul 28)
- Re: debian bug report on bind9 DoS Thijs Kinkhorst (Jul 28)
- Re: debian bug report on bind9 DoS Vincent Danen (Jul 28)
- Re: debian bug report on bind9 DoS Robert Buchholz (Jul 28)
- Re: debian bug report on bind9 DoS Nico Golde (Jul 29)
- Re: debian bug report on bind9 DoS Solar Designer (Jul 29)
- Re: debian bug report on bind9 DoS Solar Designer (Jul 29)
- Re: debian bug report on bind9 DoS Thijs Kinkhorst (Jul 28)