[dns-operations] BIND Security Advisory May 2011: Large RRSIG RRsets and Negative Caching can crash named

Emanuele Balla (aka Skull) skull at bofhland.org
Fri May 27 08:15:31 UTC 2011


On 5/27/11 9:26 AM, SM wrote:

>> *Workarounds:* Restricting access to the DNS caching resolver
>> infrastructure will provide partial mitigation. Active exploitation
>> can be accomplished through malware or SPAM/Malvertizing actions that
>> will force authorized clients to look up domains that would trigger
>> this vulnerability.
> 
> As it is possible to trigger this bug through the "web", it would be
> advisable to upgrade before people roll out the denial of service.

Interestingly enough, I had a bunch of named crashes yesterday night on 2
BIND resolver instances (validation enabled) serving our mailservers.

These are named's last words (time is CEST):

May 26 22:24:02 dns2 named[27443]: buffer.c:285: REQUIRE(b->used + 1 <= b->length) failed, back trace
May 26 22:24:02 dns2 named[27443]: #0 0xb771df09 in ??
May 26 22:24:02 dns2 named[27443]: #1 0xb734e023 in ??
May 26 22:24:02 dns2 named[27443]: #2 0xb734fd1f in ??
May 26 22:24:02 dns2 named[27443]: #3 0xb75ab55d in ??
May 26 22:24:02 dns2 named[27443]: #4 0xb7629e28 in ??
May 26 22:24:02 dns2 named[27443]: #5 0xb7631d07 in ??
May 26 22:24:02 dns2 named[27443]: #6 0xb73711ad in ??
May 26 22:24:02 dns2 named[27443]: #7 0xb71a6506 in ??
May 26 22:24:02 dns2 named[27443]: #8 0xb6feb85e in ??
May 26 22:24:02 dns2 named[27443]: exiting (due to assertion failure)


Is there a chance this is the same bug you're talking about?

-- 
Paranoia is a disease unto itself. And may I add: the person standing
next to you may not be who they appear to be, so take precaution.
-----------------------------------------------------------------------------
http://bofhskull.wordpress.com/
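
An added example, not part of the original post: a Python scan of syslog text for named assertion-failure crashes like the one quoted above, collecting the failed condition, backtrace frame count and exit line per host and PID. It goes slightly beyond the post by also matching the other ISC assertion macros; the sample log is constructed (frame addresses are made up) and the function names are hypothetical.

```python
import re

# Constructed sample in the syslog layout quoted in the post (frame addresses
# are made up; the split REQUIRE line mimics mail line-wrapping).
SAMPLE = """\
May 26 22:24:02 dns2 named[27443]: buffer.c:285: REQUIRE(b->used + 1 <=
b->length) failed, back trace
May 26 22:24:02 dns2 named[27443]: #0 0x00001000 in ??
May 26 22:24:02 dns2 named[27443]: #1 0x00002000 in ??
May 26 22:24:02 dns2 named[27443]: exiting (due to assertion failure)
May 26 22:25:10 dns2 named[27990]: running
"""

# ISC assertion macro names; only REQUIRE appears in the post.
PREFIX = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) named\[(\d+)\]: (.*)$")
ASSERT = re.compile(r"^(\S+?):(\d+): (REQUIRE|INSIST|ENSURE|INVARIANT)\((.*)\) failed")
FRAME = re.compile(r"^#\d+ 0x[0-9a-fA-F]+ in ")

def unwrap(text):
    """Re-join continuation lines that lack a syslog prefix (mail wrapping)."""
    out = []
    for line in text.splitlines():
        if PREFIX.match(line) or not out:
            out.append(line)
        elif line.strip():
            out[-1] += " " + line.strip()
    return out

def find_assertion_crashes(text):
    """Return one record per named process that logged an assertion failure."""
    crashes = {}  # keyed by (host, pid), insertion-ordered
    for line in unwrap(text):
        m = PREFIX.match(line)
        if not m:
            continue
        when, host, pid, msg = m.groups()
        key = (host, int(pid))
        a = ASSERT.match(msg)
        if a:
            crashes[key] = {"time": when, "host": host, "pid": int(pid),
                            "file": a.group(1), "line": int(a.group(2)),
                            "kind": a.group(3), "condition": a.group(4),
                            "frames": 0, "exited": False}
        elif key in crashes and FRAME.match(msg):
            crashes[key]["frames"] += 1
        elif key in crashes and msg.startswith("exiting (due to assertion failure)"):
            crashes[key]["exited"] = True
    return list(crashes.values())
```

Records with the same `file`, `line` and `condition` across several resolvers point to a single trigger rather than unrelated faults.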


