Vulnerability Development mailing list archives

Re: Possible DOS in Bind 8.2.2-P5

From: Fernando Cardoso <fernando () BN PT>
Date: Wed, 8 Nov 2000 10:25:42 -0000

Just tried on RedHat 6.0. No DoS...

[root@dns1 /root]# named-xfer -z xxx.org -d 9 -f dump_dns -Z dns2 -l log.dns

[root@dns1 /root]# cat log.dns.knvl2m
domain `xxx.org'; file `dump_dns'; serial 0
zone found (2): "xxx.org", source = dump_dns
Arg: "dns2" AXFR
addrcnt = 1
getzone() xxx.org secondary
address [x.x.x.2] AXFR
connecting to server #1 [x.x.x.2].53
len = 154
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62154
;; flags: qr aa ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;;      xxx.org, type = SOA, class = IN
xxx.org.            1D IN SOA       dns1. me () somewhere pt. (
                                        200000000      ; serial
                                        8H              ; refresh
                                        2H              ; retry
                                        1W              ; expiry
                                        1D )            ; minimum

xxx.org.            1D IN NS        dns1
xxx.org.            1D IN NS        dns1
dns1          1D IN A         x.x.x.1
dns2          1D IN A         x.x.x.2
need update, serial 200000000
send ZXFR query to x.x.x.2
bufsize = 1024
close(5) succeeded
error receiving zone transfer

[root@dns2 fernando]# tail  /var/log/messages
Nov  8 11:07:56 dns2 named[309]: approved ZXFR from [x.x.x.1].1793 for
"xxx.org"
Nov  8 11:07:56 dns2 named[309]: unsupported XFR (type ZXFR) of "xxx.org"
(IN) to [x.x.x.1].1793

Fernando

_________________________________________________________
Fernando Cardoso              Phone:   +351 21 7982186
Network Administrator         Fax:     +351 21 7982185
National Library              E-mail:  fernando () bn pt
Portugal                      PGP ID:  28551CB8


Hi,
playing with bind and ZXFR feature ( zone transfer compressed
with a possible insecure
execlp("gzip", "gzip", NULL); ), i discovered a Denial Of
Service against Bind 8.2.2-P5 .

By default Bind 8.2.2-P5 it's not compiled with ZXFR support
unless you define it with #define BIND_ZXFR
so it will refuse any ZXFR transfer, because it doesn't support it.
But now what appens? Look here...
[...]

Current thread:

Re: Possible DOS in Bind 8.2.2-P5, (continued)
- Re: Possible DOS in Bind 8.2.2-P5 Przemyslaw Frasunek (Nov 08)
  - Re: Possible DOS in Bind 8.2.2-P5 Fabio Pietrosanti (naif) (Nov 09)
- Re: Possible DOS in Bind 8.2.2-P5 Tomasz Grabowski (Nov 09)
- Re: Possible DOS in Bind 8.2.2-P5 Guy Cohen (Nov 09)
- Re: Possible DOS in Bind 8.2.2-P5 Mariusz Marcinkiewicz (Nov 09)
  - Re: Possible DOS in Bind 8.2.2-P5 (my fault, sorry) Mariusz Marcinkiewicz (Nov 10)
  - Re: Possible DOS in Bind 8.2.2-P5 Olaf Kirch (Nov 10)
    - Re: Possible DOS in Bind 8.2.2-P5 Paul A Vixie (Nov 10)
- Re: Possible DOS in Bind 8.2.2-P5 Daniel Roesen (Nov 10)
- Re: Possible DOS in Bind 8.2.2-P5 fire-eyes (Nov 14)
- Re: Possible DOS in Bind 8.2.2-P5 Fernando Cardoso (Nov 09)
- Re: Possible DOS in Bind 8.2.2-P5 Luke Dudney (Nov 10)
- Re: Possible DOS in Bind 8.2.2-P5 Jonatan Sarba (Nov 14)
  - Re: Possible DOS in Bind 8.2.2-P5 Peter Pentchev (Nov 15)
    - Re: Possible DOS in Bind 8.2.2-P5 Johnson, Jeremiah (Nov 15)
    - Re: Possible DOS in Bind 8.2.2-P5 Matt Zimmerman (Nov 15)
- Re: Possible DOS in Bind 8.2.2-P5 Paul Pot (Nov 15)
- Re: Possible DOS in Bind 8.2.2-P5 Chris Tobkin (Nov 15)