Henry Hollenberg <[EMAIL PROTECTED]> wrote:
> Has anyone assessed the impact of the bind exploit announced by CERT
> today?
> I'm using bind_4.9.6-1.deb, so would be curious as to where I stood,
> what the fixes were.
> Thanks
> Henry Hollenberg [EMAIL PROTECTED]

Ya know what sucks? I worked my butt off to get it patched and packaged up,
made the .deb's, got them uploaded a few places:

ftp://ftp.linpeople.org/pub/Software/Bind/bind_8.1.1-7.1_i386.deb
http://www.oz.net/~rcw/bind_8.1.1-7.1_i386.deb

And then I was in the middle of composing a message to this list with a big
scary subject like "SECURITY FIX:" which forced me to quote the CERT advisory
(causing me to *read* it :)...

>Date: Wed, 8 Apr 1998 17:45:08 -0400
>From: CERT Advisory <cert-advisory@cert.org>
>To: cert-advisory@coal.cert.org
>Subject: CERT Advisory CA-98.05 - bind_problems
>Reply-To: [EMAIL PROTECTED]
>Organization: CERT(sm) Coordination Center - +1 412-268-7090
>
>-----BEGIN PGP SIGNED MESSAGE-----
>
>=============================================================================
>CERT* Advisory CA-98.05
>Original issue date: April 08, 1998
>
>Topic: Multiple Vulnerabilities in BIND
>       1. Inverse Query Buffer Overrun in BIND 4.9 and BIND 8 Releases
>       2. Denial-of-Service Vulnerabilities in BIND 4.9 and BIND 8 Releases
>       3. Denial-of-Service Vulnerability in BIND 8 Releases
[...]
>II. Impact
>
>     Topic 1: A remote intruder can gain root-level access to your name server.
>
>     Topics 2 and 3: A remote intruder is able to disrupt normal operation of
>     your name server.
[...]
>*************************************************************************
>Topic 1: Inverse Query Buffer Overrun in BIND 4.9 and BIND 8 Releases
>*************************************************************************
>
>1.A. Description
>
>     BIND 4.9 releases prior to BIND 4.9.7 and BIND 8 releases prior to 8.1.2
>     do not properly bounds check a memory copy when responding to an inverse
>     query request. An improperly or maliciously formatted inverse query on a
>     TCP stream can crash the server or allow an attacker to gain root
>     privileges.
>
>1.B. Determining if your system is vulnerable
>
>     The inverse query feature is disabled by default, so only the systems
>     that have been explicitly configured to allow it are vulnerable.
>
>     BIND 8
>         Look at the "options" block in the configuration file (typically
>         /etc/named.conf). If there is a "fake-iquery yes;" line, then the
>         server is vulnerable.

So, you can't get root on the existing package unless you enabled the
fake-iquery option.

Well that right there ticked me off enough to make me cancel the message,
give up and go to sleep and let Johnie Ingram package up 8.1.2. (which was
designated beta last I heard...)

--
Robert Woodcock - [EMAIL PROTECTED]
All I want is a warm bed and a kind word and unlimited power.
                -- Ashleigh Brilliant
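
The BIND 8 check quoted from the advisory above (section 1.B), written out as an added example; it is not part of the original message or of the CERT advisory. It reports whether an uncommented "fake-iquery yes;" appears inside an options block. The function names and the sample configurations are constructed for illustration.

```python
import re

# Quoted strings are matched first, so comment markers and braces inside
# them are never mistaken for syntax; comments use /* */, // or #.
_SKIP = re.compile(r'"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
# The advisory names "fake-iquery yes;". Treating "true" and "1" as
# synonyms for "yes" is an assumption of this example.
_IQUERY = re.compile(r"\bfake-iquery\s+(?:yes|true|1)\s*;", re.I)

def options_blocks(conf):
    """Yield the body of every top-level options { ... } block."""
    text = _SKIP.sub(lambda m: '""' if m.group(0)[0] == '"' else " ", conf)
    depth, start, prev = 0, None, ""
    for m in re.finditer(r"[{}]|[^\s{};]+", text):
        tok = m.group(0)
        if tok == "{":
            if depth == 0 and prev.lower() == "options":
                start = m.end()
            depth += 1
        elif tok == "}":
            depth = max(depth - 1, 0)
            if depth == 0 and start is not None:
                yield text[start:m.start()]
                start = None
        prev = tok

def fake_iquery_enabled(conf):
    """True if any options block enables fake-iquery."""
    return any(_IQUERY.search(body) for body in options_blocks(conf))

# Constructed sample configurations (not taken from the message).
SAMPLE_ENABLED = """
options {
    directory "/var/named";      # zone files
    forwarders { 192.0.2.53; };
    fake-iquery yes;
};
"""
SAMPLE_NOT_ENABLED = """
options {
    directory "/var/named";
    /* fake-iquery yes; */
    // fake-iquery yes;
};
zone "example.com" { type master; file "fake-iquery yes;"; };
"""

if __name__ == "__main__":
    print(fake_iquery_enabled(SAMPLE_ENABLED), fake_iquery_enabled(SAMPLE_NOT_ENABLED))
```

To check a real server, pass the contents of its configuration file (typically /etc/named.conf, per the advisory) to fake_iquery_enabled().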