[dns-operations] BIND Security Advisory

etirado.ext at orange-ftgroup.com
Wed Jul 29 14:27:59 UTC 2009


It seems like my tests went the other way:

Exploit works on zone ( type master ), but didn't work on the "automatic empty zone".

We had the two types of zones for the test:
some zones declared as master and others in "automatic empty zone".


-----Original Message-----
From: dns-operations-bounces at lists.dns-oarc.net [mailto:dns-operations-bounces at lists.dns-oarc.net] On behalf of Stephane Bortzmeyer
Sent: Wednesday, July 29, 2009 12:08
To: Peter Losher
Cc: dns-operations at mail.dns-oarc.net
Subject: Re: [dns-operations] BIND Security Advisory

On Tue, Jul 28, 2009 at 06:21:22PM -0700,
 Peter Losher <plosher at isc.org> wrote 
 a message of 30 lines which said:

> "Testing indicates that the attack packet has to be formulated against a
> zone for which that machine is a master. Launching the attack against
> slave zones does not trigger the assert.

We tested that removing the zones which are typically there by
default, and in mode master (such as localhost and
0.0.127.in-addr.arpa) works fine: the published exploit no longer
works afterwards.

This can be an interim solution for those who don't have a clean
upgrade path (for instance, RHEL did not push the patch yet).
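
Added example, not part of the original messages and not ISC code: a small Python audit that lists the zones a named.conf declares as master, the zone type the interim workaround above is concerned with. The sample configuration is constructed; built-in "automatic empty zones" are not declared in named.conf, so this script does not list them.

```python
import re

# Constructed sample named.conf for illustration; not taken from the thread.
SAMPLE_CONF = r'''
options { directory "/var/named"; };  // zone "fake" { type master; };
zone "localhost" IN {
    type master;
    file "localhost.zone";
};
zone "0.0.127.in-addr.arpa" { type master; file "named.local"; };
/* zone "old.example" { type master; }; */
zone "example.net" { type slave; masters { 192.0.2.1; }; file "s/example.net"; };
zone "." { type hint; file "named.ca"; };
# zone "hash.example" { type master; };
'''

# named.conf tokens: comments (three styles), quoted strings, braces/semicolons, bare words.
TOKEN = re.compile(r'/\*.*?\*/|//[^\n]*|#[^\n]*|"(?:[^"\\]|\\.)*"|[{};]|[^\s{};"]+', re.S)

def tokens(text):
    """Yield tokens with comments dropped; quoted strings keep their quotes."""
    for m in TOKEN.finditer(text):
        if not m.group(0).startswith(('/*', '//', '#')):
            yield m.group(0)

def zones_by_type(conf_text):
    """Return [(zone_name, type_or_None), ...] for every zone block, views included."""
    toks, found, i = list(tokens(conf_text)), [], 0
    while i < len(toks):
        if toks[i] != 'zone' or i + 1 >= len(toks):
            i += 1
            continue
        name, j = toks[i + 1].strip('"'), i + 2
        while j < len(toks) and toks[j] not in ('{', ';'):
            j += 1                       # skip an optional class such as IN
        if j >= len(toks) or toks[j] == ';':
            i += 1                       # e.g. response-policy { zone "x"; }: no block
            continue
        depth, ztype, j = 1, None, j + 1
        while j < len(toks) and depth:
            if toks[j] == '{':
                depth += 1
            elif toks[j] == '}':
                depth -= 1
            elif toks[j] == 'type' and depth == 1 and j + 1 < len(toks):
                ztype = toks[j + 1]      # only the zone's own type, not nested blocks
            j += 1
        found.append((name, ztype))
        i = j
    return found

def master_zones(conf_text):
    """Zones declared as master (newer BIND releases also accept 'primary')."""
    return [n for n, t in zones_by_type(conf_text) if t in ('master', 'primary')]
```

Running `master_zones()` over the text of a server's own named.conf (with any `include` files concatenated by hand) gives the list of zones to review before and after applying the workaround.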
