Subject: Re: Possible DOS in Bind 8.2.2-P5
From: Peter Pentchev (roamORBITEL.BG)
Date: Tue Nov 14 2000 - 01:31:19 CST


On Mon, Nov 13, 2000 at 11:25:50AM -0300, Jonatan Sarba wrote:
> milg:~# named-xfer -z zone.com.ar -d 9 -f pics -Z dns.zone.com.ar
>
> named-xfer[3916]: send ZXFR query 0 to 200.0.1.101
> named-xfer[3916]: premature EOF, fetching "zone.com.ar"
>
> and the logs on the DNS server were:
>
> Nov 13 13:55:36 dns named[19877]: zone transfer (ZXFR) of "zone.com.ar" (IN)
> to [200.0.1.101].2916
> Nov 13 13:55:36 dns named[30890]: execlp: No such file or directory
> Nov 13 13:55:36 dns named[19877]: zxfr gzip pid 30890
>
> I've chrooted the named daemon running on redhat-6.0. I think that the user
> who runs the daemon doesn't have permissions to execute the 'execlp'
> function. Is it possible?

Possible, but quite improbable; it's much more likely that the execlp
system call is complaining that the file bind's trying to exec does
not exist. That is, you've missed copying some file and/or library
to the chroot tree.

Unfortunately, I do not have BIND sources handy right now, so I cannot
make a guess at which file might be the problem.

G'luck,
Peter

--
Nostalgia ain't what it used to be.
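
The two failure modes weighed in this thread can be told apart by the errno that execlp leaves behind. The following is an added example, not part of the original posts and not BIND's code; the path `/nonexistent-chroot-path/gzip` and the helper names are assumptions made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fork, attempt execlp(path) in the child, return the child's errno (0 if the
 * exec succeeded). The pipe's write end is close-on-exec: success reads EOF. */
int exec_errno(const char *path)
{
    int fds[2], err = 0;
    if (pipe(fds) != 0) return -1;
    fcntl(fds[1], F_SETFD, FD_CLOEXEC);
    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {
        close(fds[0]);
        execlp(path, path, (char *)NULL);
        err = errno;                 /* reached only when the exec failed */
        if (write(fds[1], &err, sizeof err) != (ssize_t)sizeof err) _exit(126);
        _exit(127);
    }
    close(fds[1]);
    if (read(fds[0], &err, sizeof err) != (ssize_t)sizeof err) err = 0;
    close(fds[0]);
    waitpid(pid, NULL, 0);
    return err;
}

/* Constructed sample: a file that exists but has no execute bit
 * (mkstemp creates it with mode 0600). */
int exec_errno_noexec(void)
{
    char tmpl[] = "/tmp/noexecXXXXXX";
    int fd = mkstemp(tmpl);
    if (fd < 0) return -1;
    close(fd);
    int err = exec_errno(tmpl);
    unlink(tmpl);
    return err;
}

int main(void)
{
    printf("missing file: %s\n", strerror(exec_errno("/nonexistent-chroot-path/gzip")));
    printf("no exec bit:  %s\n", strerror(exec_errno_noexec()));
    return 0;
}
```

A permissions problem surfaces as EACCES ("Permission denied"), while the logged "No such file or directory" is ENOENT. The kernel also returns ENOENT when the dynamic loader named inside the binary is absent, so a chroot tree can hold the program itself and still produce this message.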