Exploitation scripts list? OS/Bind version.

Mark.Andrews at nominum.com Mark.Andrews at nominum.com
Wed Apr 4 02:54:33 UTC 2001 

	The short answer is that all OS's are susceptible to being
	DoS'd.  There are published exploits for Linux.

	Mark

> 
> On Tue, 3 Apr 2001, Jim Reid wrote:
> 
> stuart> Thanks.  I've looked both these places, and they have very
> stuart> little in the way of Operating System specifics.  In my
> stuart> talk tomorrow I will be targeting managers who will be
> stuart> deciding whether or not to send their technical people to
> stuart> the bind upgrade seminar.  They will not, for the most
> stuart> part, know whether they are on 4.9.5 or 8.1.2 of bind.
> stuart> They will, almost certainly, know if their machines run
> stuart> FreeBSD, RedHat Linux, or True-64 Unix.
> 
> Jim> You asked about info on BIND security holes.
> 
> Uh... No I didn't.  Look at the subject line.
> 
> Jim> I gave you references.  Those holes can be exploited irrespective of
> Jim> what version of UNIX that the vulnerable version of BIND runs on.
> Jim> They are not OS specific.  The holes are specific to old versions of
> Jim> BIND.
> 
> I'm quite aware of which Bind versions are vunerable, and even why,
> right down to the code.  I was on this list a long time before I
> first noticed YOUR name.  Exploiting BIND vunerabilities takes some
> very detailed knowledge of the operating system and the way in
> which the particular executable was compiled, including options.
> 
> Now, I'll try one more time, since if you didn't understand what
> I meant, Jim, maybe others didn't, either:
> 
> "There are currently scripts in circulation that can exploit the
> vunerabilities of old versions of BIND on particular Operating
> Systems. I want to know what OSes are known to have been compromised
> with such scripts.  Please include OS version number."
> 
> I really don't know how to word the question any clearer than
> that, Jim, so if you don't understand why I would ask the question,
> or you don't want to answer it, FINE.  Other people will (some have,
> already), and you aren't required to.
> 
> --
> 
> stu
> stu at stac.state.tx.us
> 
> Office: (512) 463-7601
> FAX:    (512) 475-4759
> 
> stuart nichols
> State Technology Assessment Center
> Texas Department of Information Resources
> 300 West 15th Street
> Austin  TX  78744
> 
> 
--
Mark Andrews, Nominum Inc.
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at nominum.com

More information about the bind-users mailing list