Buffer overflow reported by sscan

Mike Dimmick mike at dimmick.demon.co.uk
Fri Mar 10 19:34:54 UTC 2000


"James Scott Boorn" <jboorn at seatab.com> wrote in message
news:38C826E6.F45ADAD2 at seatab.com...
> I'm a new bind admin and while learning about security I ran sscan
> (http://www.ben2.ucla.edu/~jsbach/) against my server. It reported :
> --<[ *VULN*: localhost: linux bind/iquery remote buffer overflowÿÿÿÿ
> c
>
> and in /var/log/messages I found the following:
> Mar  9 14:03:02 3gig modprobe: can't locate module üôÿ¿?
>
> I am running redhat linux 6.0 with bind upgraded to the vendor
supplied
> rpm (bind-8.2.2_P3-1) `named -v` shows:
> named 8.2.2-P3 Thu Nov 11 00:04:50 EST 1999
>
>
root at porky.devel.redhat.com:/usr/src/bs/BUILD/bind-8.2.2_P3/src/bin/name
d
>
> I downloaded the latest source from www.isc.org compiled and replaced
> the named binary and reran sscan with the same results.
>
> Is this a known problem?  I was not able to find any more info about
it
> on the web.
>
> Thanks

Firstly the first message probably refers to a kernel vulnerability.
The kernel that came with RedHat 6.0, version 2.2.5, had some serious
problems with TCP/IP anyway so you will want to upgrade this.  You
should find a new RPM at http://www.redhat.com/support/errata/index.html
(look for 6.0 updates).

Secondly the /var/log/messages error: kerneld was trying to load a
kernel module to support a piece of hardware.  If that's the exact
string I think you did something funny when compiling the kernel; an
error string should *never* look like that.  Try reverting back to a
pre-compiled one.

Hope this helps,

--
Mike Dimmick


--
Mike Dimmick





More information about the bind-users mailing list