Code Red : Stack Smash in bind 9.3.3

Neil Kettle mu-b at 65535.com
Fri Jan 12 11:50:55 UTC 2007


hmmm, it is rather interesting that you should say that as I do know
that there exists a bind9.x remote root 0day exploit. However, I do not
have a copy nor know where the vulnerability is, but can definitely
confirm that an exploit exists.

Do you have a more detailed stack trace?, I have been performing an audit
of the bind9 sources and found a couple of issues, one off-by-one in named
(that may be reachable, but appears non-exploitable) and another complete
smash that is totally unexploitable.
-- 
---------------------------------------------------------------------------
mu-b



More information about the bind-users mailing list