8 Feb
2001
8 Feb
'01
13:34
From: Raffy [mailto:suse@raffy.ch]
I have an vulnerable bind running on a server (.... I know ! ) . Today the service was not running any more. I found nothing in the Sounds like an exploit that was some time ago on BugTraq. Somebody might have tried to do an unapproved zone-transfer using the compression flag.
named-xfer (... i won't continue with the command, but some people know what I mean). That causes named to fail and shut down. I don't know about logging though. It was logged in my logfile, but as I am paranoid, named logs almost everything it does. As Roman already said, update your bind-daemon a.s.a.p. to avoid being exploited. Andreas