Code Red : Stack Smash in bind 9.3.3

Ajith Vargese Thampi ajith.thampi at gmail.com
Thu Jan 25 11:23:25 UTC 2007


Still a problem with the latest 9.3.4 series.
Stack smash attack on function query_find.
Attaching the straced output. Any other way of getting the details you
require?

On 1/12/07, Neil Kettle <mu-b at 65535.com> wrote:
>
> hmmm, it is rather interesting that you should say that as I do know
> that there exists a bind9.x remote root 0day exploit. However, I do not
> have a copy nor know where the vulnerability is, but can definitely
> confirm that an exploit exists.
>
> Do you have a more detailed stack trace? I have been performing an audit
> of the bind9 sources and found a couple of issues, one off-by-one in named
> (that may be reachable, but appears non-exploitable) and another complete
> smash that is totally unexploitable.
> --
>
> ---------------------------------------------------------------------------
> mu-b
>



-- 
Thanks and Regards
Aristo
Mob # +91 9980089699
Registered Linux User #415170




