Exploitation scripts list? OS/Bind version.
Brad Knowles
brad.knowles at skynet.be
Tue Apr 3 22:57:47 UTC 2001

At 2:29 PM -0500 4/3/01, stuart nichols wrote:

> Thanks. I've looked both these places, and they have very little
> in the way of Operating System specifics. In my talk tomorrow
> I will be targeting managers who will be deciding whether or not
> to send their technical people to the bind upgrade seminar. They
> will not, for the most part, know whether they are on 4.9.5 or
> 8.1.2 of bind. They will, almost certainly, know if their machines
> run FreeBSD, RedHat Linux, or True-64 Unix.

BIND 8 prior to 8.2.3-REL is vulnerable on *ALL* platforms, and
there have been recent questions on here as to whether even 8.2.3-REL
itself is vulnerable. BINDv9 prior to 9.1.1-REL has known bugs
(although I don't believe any of them are security related, many of
them do cause operational problems) on *ALL* platforms.

There is a "worm" going around called "Lion" that will exploit
bugs on BIND 8 (prior to 8.2.3-REL) and quickly compromise the
machine, using what is known as a "rootkit". This affects all
versions of Linux that I am familiar with.

While the "Lion" worm has not yet (to our knowledge) been
modified to work with other OSes on other platforms, the mechanism it
exploits via BIND prior to 8.2.3-REL is an issue, and could easily be
exploited.

The key is *NOT* what platform are they running, but what version
of BIND are they running. Sorry guy, there's just no way around that
issue.

--
Brad Knowles, <brad.knowles at skynet.be>
/* efdtt.c Author: Charles M. Hannum <root at ihack.net> */
/* Represented as 1045 digit prime number by Phil Carmody */
/* Prime as DNS cname chain by Roy Arends and Walter Belgers */
/* */
/* Usage is: cat title-key scrambled.vob | efdtt >clear.vob */
/* where title-key = "153 2 8 105 225" or other similar 5-byte key */
dig decss.friet.org|perl -ne'if(/^x/){s/[x.]//g;print pack(H124,$_)}'
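
Added example, not part of the original post: a small triage helper that sorts reported BIND version strings against the two releases the message names (8.2.3-REL and 9.1.1-REL), regardless of operating system. The function names, the sample inventory and the rule that T/A/B/RC tags mark pre-release builds are assumptions made for this sketch.

```python
import re

# Release named in the post per major line: BIND 8 -> 8.2.3-REL, BIND 9 -> 9.1.1-REL.
NAMED_RELEASE = {8: (8, 2, 3), 9: (9, 1, 1)}

# major.minor[.patch] plus an optional tag such as -P5, -REL, -T9B or rc3.
_BANNER = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?-?([A-Za-z][A-Za-z0-9]*)?")

# Assumption: tags T<n>, A<n>, B<n> and RC<n> mark builds made before the release.
_PRERELEASE = re.compile(r"^(T\d|RC|[AB]\d)")


def parse(banner):
    """Return ((major, minor, patch), TAG), or None if no version is present."""
    m = _BANNER.search(banner)
    if m is None:
        return None
    numbers = tuple(int(g or 0) for g in m.group(1, 2, 3))
    return numbers, (m.group(4) or "").upper()


def classify(banner):
    """Compare a reported BIND version with the release the post names."""
    parsed = parse(banner)
    if parsed is None:
        return "unknown"
    numbers, tag = parsed
    named = NAMED_RELEASE.get(numbers[0])
    if named is None:
        return "not-covered"  # e.g. BIND 4: the post gives no threshold for it
    if numbers < named:
        return "predates-named-release"
    if numbers == named and _PRERELEASE.match(tag):
        return "predates-named-release"
    return "named-release-or-later"


def hosts_to_upgrade(inventory):
    """Hosts whose reported version is older than the release the post names."""
    return sorted(h for h, v in inventory.items()
                  if classify(v) == "predates-named-release")


# Constructed sample inventory (host names and versions are made up).
INVENTORY = {"ns1.example": "8.2.2-P5", "ns2.example": "8.2.3-REL",
             "ns3.example": "9.1.1rc3", "ns4.example": "4.9.5"}

if __name__ == "__main__":
    print(hosts_to_upgrade(INVENTORY))
```

A result of "named-release-or-later" only means the version is not older than the release named above; the post itself notes open questions about 8.2.3-REL.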