Vulnerability Development mailing list archives
Re: BIND infoleak bug details?
From: Lucian Hudin <luci () WARP TRANSART RO>
Date: Mon, 5 Feb 2001 04:15:30 +0200
The NAI advisory on the BIND TSIG bug states that:

``The "infoleak" bug, discovered by Claudio Musmarra, and described in CERT advisory CA-2001-02, permits an attacker to remotely retrieve stack frames from named''

Then, according to ISC: http://www.isc.org/products/BIND/bind-security.html

``It is possible to construct a inverse query that allows the stack to be read remotely exposing environment variables.''

Does anyone have details of the exact specifics of this vulnerability, or exactly what type of malformed iquery will trigger this bug? The CERT advisory, as usual, is completely useless..

- anathema / anathema () box co uk

We (ix & me) have posted on bugtraq the named exploit where everything is explained....

Basically, gov-boy, all you need to do is read ISC's advisory carefully and then make a diff on 8.2.2-PX / 8.2.3. It is not hard at all... it took us less than an hour to implement the INFOLEAK bug.

Well, happy query building. Of course the exploit we've posted is broken, because there are still many thousands of servers running vulnerable versions.

Regards,
LucySoft