Bugtraq mailing list archives
Re: is there another hole in BIND?
From: paul () vix com (Paul A Vixie)
Date: Sat, 23 Jul 1994 23:13:14 -0700
My other guess was that: it's quite easy to kill off a named daemon with a udp packet with an invalid length field, from remote site.
not as of 4.9, at least as far as i know. and if all your servers are running 4.9 or later code, then the A RR's are safe so the extra query in gethostby*() isn't strictly needed. normal, old-style spoofing (having the bad guy's host's PTR point to one of the good guys' hostnames) was fixed at the application level in BSD and in the resolver for sunos. named itself doesn't get involved with that.
Current thread:
- Re: Is starting a user program on priv port via inetd dangerous ? Lord of flying horned octopi (Jul 22)
- Re: Is starting a user program on priv port via inetd dangerous ? Jukka Ukkonen (Jul 23)
- is there another hole in BIND? jsz (Jul 23)
- Re: is there another hole in BIND? Paul A Vixie (Jul 23)
- <Possible follow-ups>
- Re: Is starting a user program on priv port via inetd dangerous ? Christopher Davis (Jul 24)