Mailinglist Archive: opensuse-security (636 mails)

< Previous Next >
RE: [suse-security] Bind exploit
  • From: "Andreas Achtzehn" <andreas@xxxxxxxxxxxxxxxx>
  • Date: Thu, 8 Feb 2001 14:35:57 +0100
  • Message-id: <NEBBIJBJCKAKDMLOHHKKEEGPDEAA.andreas@xxxxxxxxxxxxxxxx>
> From: Raffy [mailto:suse@xxxxxxxx]
>
> I have an vulnerable bind running on a server (.... I know ! ) . Today the
> service was not running any more. I found nothing in the
Sounds like an exploit that was some time ago on BugTraq. Somebody might
have tried to do an unapproved zone-transfer using the compression flag.

named-xfer (... i won't continue with the command, but some people know what
I mean).

That causes named to fail and shut down. I don't know about logging though.
It was logged in my logfile, but as I am paranoid, named logs almost
everything it does.
As Roman already said, update your bind-daemon a.s.a.p. to avoid being
exploited.

--
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GCS/CM/IT/P d@ s: !a C++(+) UL++++$ P++ L+++(++++)@ E---- W+++ N+ o? K? w O-
M- V- PS PE- Y+ PGP++ t+ 5 X+ R* tv+ b++ DI? D-- G> e@> h!>
------END GEEK CODE BLOCK------
See http://www.ebb.org/ungeek/ on details.




< Previous Next >
This Thread
  • No further messages