Package: bind
Version: 4.9.3-P1-3

This message indicates that 4.9.4-P1 fixes some serious bugs, yet it is not yet packaged for Debian, even in rex.

------- start of forwarded message -------
Path: kronos.newsfirst.com!nntp.newsfirst.com!nntp.crosslink.net!news.magicnet.net!news.sprintlink.net!news-fw-6.sprintlink.net!newsreader.sprintlink.net!news.sprintlink.net!news-peer.sprintlink.net!newsfeed.internetmci.com!in3.uu.net!vixie!nnrp.vix.com!vixie
From: [EMAIL PROTECTED] (Paul A Vixie)
Newsgroups: comp.protocols.tcp-ip.domains
Subject: Re: SERIOUS PROBLEM WITH DNS SERVERS AND BAD RECORDS - Rev 4.9.4
Date: 13 Sep 1996 06:44:34 GMT
Organization: Vixie Enterprises
Lines: 27
Message-ID: <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
NNTP-Posting-Host: wisdom.home.vix.com
In-reply-to: [EMAIL PROTECTED]'s message of 11 Sep 1996 03:51:16 GMT

>You forgot to mention that the hash bug is present in 4.9.3-REL and 4.9.3-P1
>(as well as the later 4.9.3 betas). The difference is that 4.9.3-* is
>immune to COM\20\20\20\20\20\20\20\20COM, which was the particular strain
>of this DNS virus that happened to propagate.

I wonder if it would be responsible of me to post the pattern that breaks
4.9.3-P1? No, I guess not. But the code is available and the pattern is
deducible from it. If you aren't running 4.9.4-P1, you'll be sorry as soon
as the "2600" crowd, who is currently teaching 13 year old kids how to spam
y'all with SYN storms, gets around to looking at the BIND source.

And when you see 4.9.5-REL come out, you'd all best switch to it, since it
will _also_ fix critical things that I've found in 4.9.4-P1. Don't delay,
trust that testing has been done.

The 4.9.4-P1 thing with COM\20...COM is just too exact a hit on the hashing
bug to be anything other than intentional. That means someone looked at the
diffs from 4.9.4 to 4.9.4-P1 and figured out what got fixed and designed an
attack on 4.9.4.
This in turn probably means that I should let CERT do all of BIND's release
engineering from now on, to get the vendors ready with patches before the
new source code is available. Sigh. I guess I need to have everybody on the
bind-workers mailing list sign an NDA. Double sigh.
-- 
Paul Vixie
La Honda, CA                    "Illegitimibus non carborundum."
<[EMAIL PROTECTED]>             pacbell!vixie!paul
------- end of forwarded message -------

-- 
Shields, CrossLink.