RE: BIND Crash

["Mark Ng" <laptopalias1-mark () informationintelligence net>]

I've since noted on investigation that the client was/is running a version
of BIND that is vulnerable to several exploits (8.3.3) - so this looks
perhaps like someone is using old exploits in a fairly widespread manner (I
think all of our reports are from England or West Europe so far ?).
Hopefully it's not a worm, I'd guess if that were the case, we would have
noticed it fairly heavily by now, as whatever it is has been going for at
least 24 hours.


-----Original Message-----
From: Chris Phillips [mailto:chris () bsdbox net]
Sent: 16 May 2003 01:44
To: Mark Ng
Cc: Gaby Vanhegan; incidents () securityfocus com
Subject: RE: BIND Crash


The line in /tmp was from a php session.  Nothing to do with BIND.

On Thu, 15 May 2003, Mark Ng wrote:

> I've seen this today too.  One of my clients DNS servers has crashed twice
> in the same day, both times with the same message (or very similar)
>
> May 14 21:19:19 bilbo2 named[9491]: ns_resp.c:3946: ENSURE(cp <= eom_out)
> failed.
>
> I've not seen the file in /tmp on this machine however.  I'm looking to
see
> if there have been any similar problems on any of their other machines.
>
> Will report if I see anything else.
>
> -----Original Message-----
> From: Gaby Vanhegan [mailto:gaby.vanhegan () englandagency com]
> Sent: 15 May 2003 09:05
> To: incidents () securityfocus com
> Subject: BIND Crash


----------------------------------------------------------------------------
*** Wireless LAN Policies for Security & Management - NEW White Paper ***
Just like wired networks, wireless LANs require network security policies 
that are enforced to protect WLANs from known vulnerabilities and threats. 
Learn to design, implement and enforce WLAN security policies to lockdown enterprise WLANs.

To get your FREE white paper visit us at:    
http://www.securityfocus.com/AirDefense-incidents
----------------------------------------------------------------------------