oss-sec mailing list archives

Re: debian bug report on bind9 DoS

From: Nico Golde <oss-security+ml () ngolde de>
Date: Wed, 29 Jul 2009 11:20:09 +0200

Hi,
* Robert Buchholz <rbu () gentoo org> [2009-07-29 00:13]:

On Tuesday 28 July 2009, Vincent Danen wrote:

I don't think
it's a huge problem with a well-secured bind9 configuration, but
could be quite problematic for bind config's that allow updates
without an RNDC key (typical of some dynamic DNS implementations), or
on a system that has lax enough permissions that the RNDC key is
exposed.


The crash is not limited to configurations that allow updates.


Confirmed.

The ISC advisory states so as well, and I could reproduce the DoS on a 
static named instance by removing the "$packet->sign_tsig(...)" line in 
the exploit. So the scope of this issue is wider than apparent from
the original report.


Hmm I'd consider that a bug as well or is there a reason why 
bind shouldn't verify update's authorization before 
processing them?

Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - nion () jabber ccc de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.

Attachment: _bin
Description:

Current thread:

debian bug report on bind9 DoS Vincent Danen (Jul 28)
- Re: debian bug report on bind9 DoS Thijs Kinkhorst (Jul 28)
  - Re: debian bug report on bind9 DoS Vincent Danen (Jul 28)
- Re: debian bug report on bind9 DoS Robert Buchholz (Jul 28)
  - Re: debian bug report on bind9 DoS Nico Golde (Jul 29)
  - Re: debian bug report on bind9 DoS Solar Designer (Jul 29)
    - Re: debian bug report on bind9 DoS Solar Designer (Jul 29)