named exploit? AF_INET in udp sendmsg

Ralf Hildebrandt R.Hildebrandt at
Tue Mar 28 09:21:26 UTC 2000

On Mon, Mar 27, 2000 at 09:35:29PM +0100, Jim Reid wrote:

>     Paul> named forgot to set AF_INET in udp sendmsg. Fix it!
This seems to be a RH 6.1 problem, not an exploit...

> 4.9.3 is *very* old. It is known to have security holes. Take a look
> at the ISC's web site or CERT's security advisories. The last release
> of BIND 4 was 4.9.7. It came out ~2 years ago.
> As for the message on the console, I wouldn't attach much credence to
> it at all. It looks like something an attacker created rather than a
> message from the system software. Unless you do a complete audit of
> the attacked system, there's no way of knowing how or if the system
> was compromised. Perhaps the message was a decoy for some other attack
> that was used to penetrate your system?

Nope, it's genuine. I checked the archives, but couldn't find a definitive
bug report. This was often reported with RedHat 6.1...

Ralf Hildebrandt <R.Hildebrandt at>
If JavaScript is walking alone late at night through a bad part of
town with a pocket full of $20 bills, ActiveX is dropping your
trousers in the middle of the yard of a maximum-security prison,
bending over, and yelling 'Come and get it, boys!' 

More information about the bind-users mailing list