Mailinglist Archive: opensuse-security (636 mails)

< Previous Next >
Re: [suse-security] Bind Exploit
  • From: Roman Drahtmueller <draht@xxxxxxx>
  • Date: Thu, 8 Feb 2001 11:23:43 +0100 (MET)
  • Message-id: <Pine.LNX.4.30.0102081121300.1945-100000@xxxxxxxxxxxx>
> >I have an vulnerable bind running on a server (.... I know ! ) . Today the
> >service was not running any more. I found nothing in the logfiles. Could it
> >be that somebody used the exploit to dos the service? How could I find out
> >in the logs? Are there known signatures?

You probably won't be able to find out. Update the package as soon as
possible.

No matter if the exploit was successful or not, it is likely that the
daemon does not exist any more. A restart is necessary...

>
> Run out of memory ?
>
> http://cr.yp.to/djbdns/ad/unbind.html

This webpage is particularly ugly. The style lacks describing words in my
vocabulary.

Roman.
--
- -
| Roman Drahtm├╝ller <draht@xxxxxxx> // "Caution: Cape does |
SuSE GmbH - Security Phone: // not enable user to fly."
| N├╝rnberg, Germany +49-911-740530 // (Batman Costume warning label) |
- -


< Previous Next >
References