Buffer overflow reported by sscan
Mike Dimmick
mike at dimmick.demon.co.uk
Fri Mar 10 19:34:54 UTC 2000
"James Scott Boorn" <jboorn at seatab.com> wrote in message
news:38C826E6.F45ADAD2 at seatab.com...
> I'm a new bind admin and while learning about security I ran sscan
> (http://www.ben2.ucla.edu/~jsbach/) against my server. It reported :
> --<[ *VULN*: localhost: linux bind/iquery remote buffer overflowÿÿÿÿ
> c
>
> and in /var/log/messages I found the following:
> Mar 9 14:03:02 3gig modprobe: can't locate module üôÿ¿?
>
> I am running redhat linux 6.0 with bind upgraded to the vendor supplied
> rpm (bind-8.2.2_P3-1) `named -v` shows:
> named 8.2.2-P3 Thu Nov 11 00:04:50 EST 1999
>
>
> root at porky.devel.redhat.com:/usr/src/bs/BUILD/bind-8.2.2_P3/src/bin/named
>
> I downloaded the latest source from www.isc.org compiled and replaced
> the named binary and reran sscan with the same results.
>
> Is this a known problem? I was not able to find any more info about it
> on the web.
>
> Thanks

Firstly, the first message probably refers to a kernel vulnerability.
The kernel that came with RedHat 6.0, version 2.2.5, had some serious
problems with TCP/IP anyway, so you will want to upgrade this. You
should find a new RPM at http://www.redhat.com/support/errata/index.html
(look for 6.0 updates).

Secondly, the /var/log/messages error: kerneld was trying to load a
kernel module to support a piece of hardware. If that's the exact
string, I think you did something funny when compiling the kernel; an
error string should *never* look like that. Try reverting back to a
pre-compiled one.

Hope this helps,
--
Mike Dimmick