odd behavior in bind-8.2.2_P3 (fwd) - "illegitimate COM server" - more
LaMont Jones
lamont at security.hp.com
Wed Sep 6 14:05:33 UTC 2000
> Meanwhile on the root-servers, we have a delegation:
> EROSROUGE.COM. 2D IN NS MYIFRIENDSNS1.WEBPOWER.COM
>
> is supposed to trap the illegal NS record in the Authority section, preventing
> it from being added to
> the database, which thereby should make any bind-8.2.2 users invulnerable to the
> problem.
8.2.2-P5 caches the response, overwriting the cached servers already
there. Interestingly, 8.2.2-P3 logs the following:
Sep 6 08:02:20 zz named[5365]: bad referral (com !< EROSROUGE.com)
So this would seem to have become broken between 8.2.2-P3 and 8.2.2-P5.
8.2.3-t7b still has the defect.
> Can anyone enlighten us as to whether this potential hole is correctly blocked
> by the latest bind servers?
Not blocked... sigh. Looks like a shipstopper to me...
Off to make some diffs.
lamont
More information about the bind-workers
mailing list