Vulnerability Development mailing list archives

Re: BIND infoleak bug details?


From: Lucian Hudin <luci () WARP TRANSART RO>
Date: Mon, 5 Feb 2001 04:15:30 +0200


The NAI advisory on the BIND TSIG bug states that:

``The "infoleak" bug, discovered by Claudio Musmarra, and described in
  CERT advisory CA-2001-02, permits an attacker to remotely retrieve stack
  frames from named''

Then, according to ISC:
   http://www.isc.org/products/BIND/bind-security.html
   ``It is possible to construct an inverse query that allows the stack to
     be read remotely exposing environment variables.''

Does anyone have details of the exact specifics of this vulnerability, or
exactly what type of malformed iquery will trigger this bug? The CERT
advisory, as usual, is completely useless.

- anathema / anathema () box co uk



We (ix & me) have posted on bugtraq the named exploit where
everything is explained.... Basically, gov-boy, all you need to do
is read ISC's advisory carefully and then make a diff of 8.2.2-PX / 8.2.3;
it is not hard at all... it took us less than an hour to implement the
INFOLEAK bug.
 Well, happy query building. Of course, the exploit we've posted is
broken, because there are still many thousands of servers running
vulnerable versions.



 Regards,
 LucySoft
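As an added illustration, not BIND's code, not the posted exploit, and not the actual iquery trigger (which this thread does not spell out): a hypothetical request handler in C showing the class of bug the ISC text describes. The reply length is taken from what the client *claims* rather than from what was actually received, so the response carries bytes of the handler's stack frame that the client never sent, next to a hardened version that ties the reply to the received data. The one-byte length-prefixed wire format, the `struct frame` layout and the `PATH=` string are all constructed for this demo.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RDATA_MAX 16   /* size of the on-stack buffer the request data lands in */

/*
 * Stand-in for the handler's stack frame (constructed for the demo).  The
 * request data is copied into rdata; "beyond" models whatever happens to
 * sit after that buffer on the real stack, here an environment string.
 * Keeping both in one struct keeps the over-read inside a single object,
 * so the demonstration is well-defined C; a real over-read has no fence.
 */
struct frame {
    uint8_t rdata[RDATA_MAX];
    char    beyond[40];
};

static void init_frame(struct frame *f)
{
    memset(f, 0, sizeof *f);
    /* constructed sample of what may sit above a local buffer on the stack */
    strcpy(f->beyond, "PATH=/usr/sbin:/sbin");
}

/*
 * Hypothetical wire format: req[0] is the length the client *claims* for its
 * data, req[1..] is the data actually sent.  Both handlers return the number
 * of reply bytes written to out, or 0 if the request is rejected.
 */

/* Vulnerable: copies at most RDATA_MAX bytes in, but echoes the *claimed*
 * length back out, so a claim larger than the data returns bytes of the
 * frame that the client never sent. */
size_t handle_vulnerable(const uint8_t *req, size_t reqlen,
                         uint8_t *out, size_t outmax)
{
    struct frame f;
    size_t claimed, avail;

    if (reqlen < 1)
        return 0;
    init_frame(&f);
    claimed = req[0];
    avail = reqlen - 1;
    memcpy(f.rdata, req + 1, avail < RDATA_MAX ? avail : RDATA_MAX);

    /* demo-only fence so the read stays inside the struct */
    if (claimed > outmax || claimed > sizeof f)
        return 0;
    memcpy(out, &f, claimed);   /* BUG: length not tied to what was copied in */
    return claimed;
}

/* Hardened: the claim must match the bytes actually received, and the reply
 * is built only from the bytes stored in rdata. */
size_t handle_fixed(const uint8_t *req, size_t reqlen,
                    uint8_t *out, size_t outmax)
{
    struct frame f;
    size_t claimed, avail, n;

    if (reqlen < 1)
        return 0;
    init_frame(&f);
    claimed = req[0];
    avail = reqlen - 1;
    n = avail < RDATA_MAX ? avail : RDATA_MAX;
    if (claimed != n || n > outmax)     /* reject a claim that does not match */
        return 0;
    memcpy(f.rdata, req + 1, n);
    memcpy(out, f.rdata, n);
    return n;
}

/* Returns 1 if the reply contains bytes from beyond the data buffer. */
int reply_leaks_frame(const uint8_t *out, size_t n)
{
    return n > RDATA_MAX && memcmp(out + RDATA_MAX, "PATH=", 5) == 0;
}

int main(void)
{
    /* constructed request: claims 40 bytes, actually sends 4 */
    const uint8_t req[] = { 40, 'A', 'B', 'C', 'D' };
    uint8_t out[64];
    size_t n, i;

    n = handle_vulnerable(req, sizeof req, out, sizeof out);
    printf("vulnerable handler returned %zu bytes, leak=%d:\n",
           n, reply_leaks_frame(out, n));
    for (i = 0; i < n; i++)
        putchar(out[i] >= 0x20 && out[i] < 0x7f ? out[i] : '.');
    putchar('\n');

    n = handle_fixed(req, sizeof req, out, sizeof out);
    printf("fixed handler returned %zu bytes (0 = rejected)\n", n);
    return 0;
}
```

The point to take from the diff between the two handlers is that the fix is a length check, not a copy-size check: the vulnerable version never writes past rdata, it only reads past it, so a bounds check on the inbound memcpy alone would not have closed the leak.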

