Security Incidents mailing list archives
Re: BIND-8.2.2p5 exploited?
From: Jon Lewis <jlewis () LEWIS ORG>
Date: Mon, 29 Jan 2001 12:02:36 -0500
On Sun, 28 Jan 2001 dev-null () NO-ID COM wrote:
hello i manage nameserver running BIND-8.2.2p5 and notice it die recently... i go examine server to see the problem and i move to named directory and notice directory name ron1n in there immediately i call friend and we close down to server to examine more..... he tell me above version not vulnerable to nxt bug and cannot understand why named die and why that directory exist in named root..... was my nameserver hacked?? i thought named running with chroot method stop hacker from breaking my daemons??? we look at isc.org and no report of above version being vulnerable... what could problem be?
Were you able to tell from the files installed and their dates when the intrusion may have begun? Late this past friday night, Paul Vixie announced that there was a serious security hole found in bind 8.2.x, and that everyone needs to upgrade to either 8.2.3 or 9.x in a hurry. I don't know if there are exploits for this hole already, and he wasn't even very specific about what the hole was...but I'm sure if you study diffs of the last 8.2.2 version and 8.2.3 you could figure out where the hole is, and someone could have already written an exploit. -- ---------------------------------------------------------------------- Jon Lewis *jlewis () lewis org*| I route System Administrator | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
Current thread:
- BIND-8.2.2p5 exploited? dev-null (Jan 29)
- Re: BIND-8.2.2p5 exploited? Nicolas GREGOIRE (Jan 29)
- Re: BIND-8.2.2p5 exploited? Jon Lewis (Jan 29)