Vulnerability Development mailing list archives

Re: Possible DOS in Bind 8.2.2-P5


From: Jonatan Sarba <J_SARBA () CRM COM AR>
Date: Mon, 13 Nov 2000 11:25:50 -0300

milg:~# named-xfer -z zone.com.ar -d 9 -f pics -Z dns.zone.com.ar

named-xfer[3916]: send ZXFR query 0 to 200.0.1.101
named-xfer[3916]: premature EOF, fetching "zone.com.ar"

and the logs on the DNS server were:

Nov 13 13:55:36 dns named[19877]: zone transfer (ZXFR) of "zone.com.ar" (IN) to [200.0.1.101].2916
Nov 13 13:55:36 dns named[30890]: execlp: No such file or directory
Nov 13 13:55:36 dns named[19877]: zxfr gzip pid 30890

I've chrooted the named daemon running on redhat-6.0. I think that the user
who runs the daemon doesn't have permission to execute the 'execlp'
function. Is it possible?


-----Original Message-----
From: Luke Dudney [SMTP:luke.dudney () WESTNET COM AU]
Sent: Thursday, November 09, 2000 10:12 PM
To:   VULN-DEV () SECURITYFOCUS COM
Subject:      Re: Possible DOS in Bind 8.2.2-P5

-----Original Message-----
From: Fabio Pietrosanti (naif) [mailto:fabio () TELEMAIL IT]
Sent: Wednesday, November 08, 2000 2:57 AM
To: VULN-DEV () SECURITYFOCUS COM
Subject: Possible DOS in Bind 8.2.2-P5


Hi,
playing with bind and the ZXFR feature (zone transfer compressed
with a possibly insecure
execlp("gzip", "gzip", NULL);), I discovered a Denial of
Service against Bind 8.2.2-P5.


Crashed bind-8.2.2-P6 (?) from ports on OpenBSD2.7/sparc
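
In the logs at the top of this thread the forked child reports "execlp: No such file or directory" (the ENOENT message) while the parent still logs the gzip pid and the client gets a premature EOF. The following is an added example, not code from BIND or from any poster in this thread, of a close-on-exec status pipe that lets a parent learn the exec failed before it commits to the transfer; spawn_checked() and the paths used are hypothetical.

```c
/* Added example, not BIND source. spawn_checked() is a hypothetical helper. */
#include <errno.h>
#include <fcntl.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fork and exec `path` (absolute, so no PATH search as with execlp).
 * Returns 0 and sets *pid_out once the exec has succeeded; otherwise returns
 * the errno of the failing call, e.g. ENOENT for a helper missing from a chroot. */
int spawn_checked(const char *path, char *const argv[], pid_t *pid_out)
{
    int fds[2], err = 0;
    ssize_t n;
    pid_t pid = -1;

    if (pipe(fds) < 0)
        return errno;
    /* The write end is close-on-exec: a successful exec closes it silently. */
    if (fcntl(fds[1], F_SETFD, FD_CLOEXEC) < 0 || (pid = fork()) < 0) {
        err = errno;
        close(fds[0]);
        close(fds[1]);
        return err;
    }
    if (pid == 0) {                      /* child */
        close(fds[0]);
        execv(path, argv);
        err = errno;                     /* reached only if exec failed */
        _exit(write(fds[1], &err, sizeof err) < 0 ? 126 : 127);
    }
    close(fds[1]);                       /* parent */
    do {
        n = read(fds[0], &err, sizeof err);
    } while (n < 0 && errno == EINTR);
    close(fds[0]);
    if (n == 0) {                        /* EOF with no data: exec worked */
        *pid_out = pid;
        return 0;
    }
    waitpid(pid, NULL, 0);               /* reap the child whose exec failed */
    return n == (ssize_t)sizeof err ? err : EIO;
}

int main(void)
{
    char *argv[] = { "gzip", NULL };     /* constructed sample arguments */
    pid_t pid;
    return spawn_checked("/constructed/missing/gzip", argv, &pid) == ENOENT ? 0 : 1;
}
```

In a chroot, ENOENT from this call means the helper binary (or the loader it needs) is not present inside the jail, while EACCES would indicate a permission problem.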

