KAMINSKY vulnerability !!

JINMEI Tatuya / 神明達哉 jinmei at isc.org
Mon May 10 18:45:02 UTC 2010


At Mon, 10 May 2010 10:05:47 -0400,
"P.A" <razor at meganet.net> wrote:

> Today I came in and both my name server stopped answering queries. I
> restarted the servers a couple of times and they are now up. I have posted
> the primary/slave look below. My question is did I just get rid by the
> kaminsky vulnerability? if so how can I determined what host caused this if
> its possible. The last thing what version should I upgrade to?

[...]

> May 10 08:37:11 ns1 named[4388]: resolver.c:5494: REQUIRE((((query) !=
> ((void *)0)) && (((const isc__magic_t *)(query))->magic == ((('Q') << 24 |
> ('!') << 16 | ('!') << 8 | ('!')))))) failed

I suspect you hit an old bug:

2408.	[bug]		A duplicate TCP dispatch event could be sent, which
			could then trigger an assertion failure in
			resquery_response().  [RT #18275]

which was fixed in 9.4.3.

---
JINMEI, Tatuya
Internet Systems Consortium, Inc.



More information about the bind-users mailing list