Bind Exploit

Raffy

8 Feb 2001 8 Feb '01

08:17

I have an vulnerable bind running on a server (.... I know ! ) . Today the service was not running any more. I found nothing in the logfiles. Could it be that somebody used the exploit to dos the service? How could I find out in the logs? Are there known signatures? Thanks Raffy

Show replies by date

Irwan Hadi

8 Feb 8 Feb

08:44

New subject: [suse-security] Bind Exploit

At 09:17 AM 2/8/01 +0100, Raffy wrote:

...

I have an vulnerable bind running on a server (.... I know ! ) . Today the service was not running any more. I found nothing in the logfiles. Could it be that somebody used the exploit to dos the service? How could I find out in the logs? Are there known signatures?

Run out of memory ? http://cr.yp.to/djbdns/ad/unbind.html

Roman Drahtmueller

10:23

New subject: [suse-security] Bind Exploit

...

...
I have an vulnerable bind running on a server (.... I know ! ) . Today the service was not running any more. I found nothing in the logfiles. Could it be that somebody used the exploit to dos the service? How could I find out in the logs? Are there known signatures?

You probably won't be able to find out. Update the package as soon as possible. No matter if the exploit was successful or not, it is likely that the daemon does not exist any more. A restart is necessary...

...

Run out of memory ?

http://cr.yp.to/djbdns/ad/unbind.html

This webpage is particularly ugly. The style lacks describing words in my vocabulary. Roman. -- - - | Roman Drahtmüller // "Caution: Cape does | SuSE GmbH - Security Phone: // not enable user to fly." | Nürnberg, Germany +49-911-740530 // (Batman Costume warning label) | - -

RoMaN SoFt / LLFB!!

09:47

New subject: [suse-security] Bind Exploit

On Thu, 8 Feb 2001 09:17:55 +0100, you wrote:

...

I have an vulnerable bind running on a server (.... I know ! ) . Today the

Kurt Seifried

17:38

New subject: [suse-security] Bind Exploit

That "Bind" exploit released on Bugtraq was a trojan, it attacked nai. Kurt Seifried, seifried@securityportal.com Securityportal - your focal point for security on the 'net ----- Original Message ----- From: "RoMaN SoFt / LLFB!!" To: Sent: Thursday, February 08, 2001 2:47 AM Subject: Re: [suse-security] Bind Exploit On Thu, 8 Feb 2001 09:17:55 +0100, you wrote:

...

I have an vulnerable bind running on a server (.... I know ! ) . Today the

There is (at least) a public xploit (released in Bugtraq) for last bug on Bind. You should update NOW. Perhaps it's too late... =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= ** RoMaN SoFt / LLFB ** roman@madrid.com http://pagina.de/romansoft ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ --------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com

RoMaN SoFt / LLFB!!

9 Feb 9 Feb

08:10

New subject: [suse-security] Bind Exploit

On Thu, 8 Feb 2001 10:38:27 -0700, you wrote:

...

That "Bind" exploit released on Bugtraq was a trojan, it attacked nai.

No. You're referring to a former "xploit" posted to bugtraq which indeed was a trojan. I'm referring to this one: To: BUGTRAQ@SECURITYFOCUS.COM Subject: [BUGTRAQ] Fixed BIND TSIG Exploit From: Jonathan Wilkins Date: Wed, 7 Feb 2001 03:11:16 -0500 The posted BIND exploit was crippled and the author seemed a little unclear on the necessary byte ordering.. Attached is a cleaned up version that should make all the kiddies happy.. Jonathan and Ian (at 3:00am) =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= ** RoMaN SoFt / LLFB ** roman@madrid.com http://pagina.de/romansoft ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Kurt Seifried

18:06

New subject: [suse-security] Bind Exploit

I spent yesterday snowboarding and missed that message =) My bad. Kurt ----- Original Message ----- From: "RoMaN SoFt / LLFB!!" To: "Kurt Seifried" Cc: Sent: Friday, February 09, 2001 1:10 AM Subject: Re: [suse-security] Bind Exploit On Thu, 8 Feb 2001 10:38:27 -0700, you wrote:

...

That "Bind" exploit released on Bugtraq was a trojan, it attacked nai.

Davi

18:34

New subject: [suse-security] Bind Exploit

Here is the file that was sent to bugtraq. It's still broken, but I thing someone can get it to work without much work []s Davi On Friday 09 February 2001 16:06, Kurt Seifried wrote:

...

I spent yesterday snowboarding and missed that message =) My bad.

Kurt

----- Original Message ----- From: "RoMaN SoFt / LLFB!!" To: "Kurt Seifried" Cc: Sent: Friday, February 09, 2001 1:10 AM Subject: Re: [suse-security] Bind Exploit

On Thu, 8 Feb 2001 10:38:27 -0700, you wrote:

...
That "Bind" exploit released on Bugtraq was a trojan, it attacked nai.

No. You're referring to a former "xploit" posted to bugtraq which indeed was a trojan.

I'm referring to this one:

To: BUGTRAQ@SECURITYFOCUS.COM Subject: [BUGTRAQ] Fixed BIND TSIG Exploit From: Jonathan Wilkins Date: Wed, 7 Feb 2001 03:11:16 -0500

The posted BIND exploit was crippled and the author seemed a little unclear on the necessary byte ordering.. Attached is a cleaned up version that should make all the kiddies happy..

Jonathan and Ian (at 3:00am)

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= ** RoMaN SoFt / LLFB ** roman@madrid.com http://pagina.de/romansoft ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com

8481

Age (days ago)

8482

Last active (days ago)

List overview

Download

7 comments

6 participants

participants (6)

Davi
Irwan Hadi
Kurt Seifried
Raffy
Roman Drahtmueller
RoMaN SoFt / LLFB!!

Bind Exploit

Raffy

Irwan Hadi

Roman Drahtmueller

RoMaN SoFt / LLFB!!

Kurt Seifried

RoMaN SoFt / LLFB!!

Kurt Seifried

Davi

tags

participants (6)