From: Nicolas GREGOIRE (nicolas.gregoire7THZONE.COM)
Date: Mon Jan 29 2001 - 10:48:24 CST

    dev-nullNO-ID.COM wrote:
    >
    > hello, I manage a nameserver running BIND-8.2.2p5 and noticed it died recently.

    Bad, so bad :(

    > we looked at isc.org and saw no report of the above version being vulnerable...

    Check again!

    From http://www.isc.org/products/BIND/bind-security.html

    "ISC has discovered or has been notified of several bugs which can
    result in vulnerabilities of varying levels of severity in
    BIND as distributed by ISC. Upgrading to BIND version 9.1 is
    strongly recommended. If that is not possible for your site,
    upgrading at least to BIND version 8.2.3 is imperative."

    and the bug itself:

    "Name: "tsig bug"
    Versions affected: 8.2, 8.2-P1, 8.2.1, 8.2.2-P1, 8.2.2-P2, 8.2.2-P3,
    8.2.2-P4, 8.2.2-P5, 8.2.2-P6, 8.2.2-P7, and all 8.2.3-betas
    Severity: CRITICAL
    Exploitable: Remotely
    Type: Access possible.
    Description: It is possible to overflow a buffer handling TSIG signed
    queries, thereby obtaining access to the system.
    Workarounds: None. (Note: I love Bind :( )
    Active Exploits: Exploits for this bug exist."

    Watch your DNS servers carefully!!!

    Nicob