Exploitation scripts list? OS/Bind version.
Mark.Andrews at nominum.com
Mark.Andrews at nominum.com
Wed Apr 4 02:54:33 UTC 2001
The short answer is that all OS's are susceptible to being
DoS'd. There are published exploits for Linux.
Mark
>
> On Tue, 3 Apr 2001, Jim Reid wrote:
>
> stuart> Thanks. I've looked both these places, and they have very
> stuart> little in the way of Operating System specifics. In my
> stuart> talk tomorrow I will be targeting managers who will be
> stuart> deciding whether or not to send their technical people to
> stuart> the bind upgrade seminar. They will not, for the most
> stuart> part, know whether they are on 4.9.5 or 8.1.2 of bind.
> stuart> They will, almost certainly, know if their machines run
> stuart> FreeBSD, RedHat Linux, or True-64 Unix.
>
> Jim> You asked about info on BIND security holes.
>
> Uh... No I didn't. Look at the subject line.
>
> Jim> I gave you references. Those holes can be exploited irrespective of
> Jim> what version of UNIX that the vulnerable version of BIND runs on.
> Jim> They are not OS specific. The holes are specific to old versions of
> Jim> BIND.
>
> I'm quite aware of which Bind versions are vunerable, and even why,
> right down to the code. I was on this list a long time before I
> first noticed YOUR name. Exploiting BIND vunerabilities takes some
> very detailed knowledge of the operating system and the way in
> which the particular executable was compiled, including options.
>
> Now, I'll try one more time, since if you didn't understand what
> I meant, Jim, maybe others didn't, either:
>
> "There are currently scripts in circulation that can exploit the
> vunerabilities of old versions of BIND on particular Operating
> Systems. I want to know what OSes are known to have been compromised
> with such scripts. Please include OS version number."
>
> I really don't know how to word the question any clearer than
> that, Jim, so if you don't understand why I would ask the question,
> or you don't want to answer it, FINE. Other people will (some have,
> already), and you aren't required to.
>
> --
>
> stu
> stu at stac.state.tx.us
>
> Office: (512) 463-7601
> FAX: (512) 475-4759
>
> stuart nichols
> State Technology Assessment Center
> Texas Department of Information Resources
> 300 West 15th Street
> Austin TX 78744
>
>
--
Mark Andrews, Nominum Inc.
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at nominum.com
More information about the bind-users
mailing list