older security bug in bind?

David R. Conrad David.Conrad at nominum.com
Wed May 3 22:49:45 UTC 2000


Hi,

> I run the latest versin of bind on our nameservers,
> but I did have a caching only ns running bind 8.2-6
>
> Somehow someone did get access to the box by some process I am not 
> sure of, I just suspect named.

There are several scripts which exploit the NXT bug that are currently
floating around the Internet.   If you are running BIND version 8.2, 8.2
patchlevel 1, or 8.2.1, you are _extremely_ vulnerable.
 
> is it possible that this older version of bind could allow someone to 
> do that.. it was running via default settings.. (root)

Yes.  I would also recommend running named as non-root.

Rgds,
-drc





More information about the bind-users mailing list