Vulnerability Development mailing list archives
Re: Possible DOS in Bind 8.2.2-P5
From: Guy Cohen <guy () GIZMOZ COM>
Date: Wed, 8 Nov 2000 09:32:48 +0200
Works on Solaris 7 (sparc), but it crashed after a few tries, with a core.

-- gdb
Core was generated by `named'.
Program terminated with signal 11, Segmentation Fault.

Fabio Pietrosanti (naif) <fabio () TELEMAIL IT> wrote:

Hi,
playing with bind and the ZXFR feature (zone transfer compressed with a possibly insecure execlp("gzip", "gzip", NULL); ), I discovered a Denial of Service against Bind 8.2.2-P5.

By default Bind 8.2.2-P5 is not compiled with ZXFR support unless you define it with #define BIND_ZXFR, so it will refuse any ZXFR transfer, because it doesn't support it.

But now what happens? Look here...

################################

zone to transfer: zone.pippo.com
dns server: dns.pippo.com 192.168.1.1
me: naif.gatesux.com 10.10.10.10

I send a Zone Transfer request using the "-Z" switch, which means that I wish to use ZXFR. dns.pippo.com doesn't support ZXFR and has "allow-transfer{}" not configured, so everyone could ask it for *.zone.pippo.com ...

    <naif@naif> [~/bind/src822p5/bin/named-xfer] $ ./named-xfer -z zone.pippo.com -d 9 -f pics -Z dns.pippo.com
    named-xfer[29297]: send AXFR query 0 to 192.168.1.1
    named-xfer[29297]: premature EOF, fetching "zone.pippo.com"

On the server's log:

    Nov 7 11:19:09 dns.pippo.com: named[188510]: approved ZXFR from [10.10.10.10].2284 for "zone.pippo.com"
    Nov 7 11:19:09 dns.pippo.com: named[188510]: unsupported XFR (type ZXFR) of "zone.pippo.com" (IN) to [10.10.10.10].2284

Then the server "*** CRASHED ***".

I should assume that bind 8.2.2-P5 is vulnerable (please, someone test and confirm this kind of DoS) and bind-9.0.0 has no support for ZXFR.

    <naif@naif> [~/bind] $ find src822p5/ -type f -exec grep -i zxfr \{\} ';' | wc -l
    234
    <naif@naif> [~/bind] $ find bind-9.0.0/ -type f -exec grep -i zxfr \{\} ';' | wc -l
    0

A lot of DNS servers are misconfigured and allow zone transfer to any, so they are dossable...

naif
naif () itapac net
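For operators reviewing their own named logs, the two server log lines quoted in the message above can be matched as follows. This is an added example, not part of the original posts or of BIND; the function name, the finding fields, the 192.168.1.2 secondary address and the last two sample lines are assumptions constructed for illustration.

```python
import re

# Patterns follow the two named log lines quoted in the post.
APPROVED = re.compile(
    r'named\[\d+\]: approved (?P<type>\w+) from '
    r'\[(?P<ip>[\d.]+)\]\.(?P<port>\d+) for "(?P<zone>[^"]+)"')
UNSUPPORTED = re.compile(
    r'named\[\d+\]: unsupported XFR \(type (?P<type>\w+)\) of '
    r'"(?P<zone>[^"]+)" \(\w+\) to \[(?P<ip>[\d.]+)\]\.(?P<port>\d+)')

def find_zxfr_requests(lines, allowed_secondaries=()):
    """Return one finding per ZXFR request (client ip, port, zone) in the log."""
    allowed = set(allowed_secondaries)
    findings = {}
    for line in lines:
        for pattern, refused in ((APPROVED, False), (UNSUPPORTED, True)):
            m = pattern.search(line)
            if not m or m["type"] != "ZXFR":
                continue  # plain AXFR traffic is not what the post describes
            key = (m["ip"], m["port"], m["zone"])
            entry = findings.setdefault(key, {
                "client": m["ip"], "zone": m["zone"],
                "passed_acl": False,   # "approved": allow-transfer let it through
                "unsupported": False,  # server built without BIND_ZXFR
                "unexpected_client": m["ip"] not in allowed})
            entry["unsupported" if refused else "passed_acl"] = True
    return list(findings.values())

# First two lines are from the post; the last two are constructed samples.
SAMPLE_LOG = [
    'Nov 7 11:19:09 dns.pippo.com: named[188510]: approved ZXFR from '
    '[10.10.10.10].2284 for "zone.pippo.com"',
    'Nov 7 11:19:09 dns.pippo.com: named[188510]: unsupported XFR (type ZXFR) '
    'of "zone.pippo.com" (IN) to [10.10.10.10].2284',
    'Nov 7 11:20:01 dns.pippo.com: named[188510]: approved AXFR from '
    '[192.168.1.2].1053 for "zone.pippo.com"',
    'Nov 7 11:21:30 dns.pippo.com: named[188510]: unsupported XFR (type ZXFR) '
    'of "zone.pippo.com" (IN) to [192.168.1.2].1060',
]

if __name__ == "__main__":
    for finding in find_zxfr_requests(SAMPLE_LOG, {"192.168.1.2"}):
        print(finding)
```

A finding with both `passed_acl` and `unexpected_client` set means the transfer ACL admitted a host that is not a known secondary, which is the open allow-transfer condition the post describes.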