Security Incidents mailing list archives
AW: BIND 9.2.1 crashes
From: "Matthias Krawutschke" <Matthias () krawutschke com>
Date: Mon, 6 Oct 2003 16:39:38 -0000
Benjamin,

so if you have some more problems, please visit the user group for BIND 9 at ISC.ORG. This is very helpful with errors or anything else.

Hope this helps too,
Matthias

-----Original Message-----
From: Keith Bergen [mailto:keith () keithbergen com]
Sent: Monday, 6 October 2003 15:28
To: incidents () securityfocus com
Subject: Re: BIND 9.2.1 crashes

Benjamin,

My paranoia always assumes a buffer overflow and compromise. BIND 9.2.1 appears to be vulnerable to a buffer overflow. I would recommend updating it. Typically the attackers will exploit the overflow, and then install their rootkits. Then they will disable the DNS so that you have to reboot the machine, thus permanently installing their root kits.

Check out this page:
http://www.isc.org/products/BIND/bind-security.html

Next, download the Root Kit Checker and compile and run it:
http://www.chkrootkit.org/

Hope this helps,
Keith.

---- Original message ----
Date: Sun, 5 Oct 2003 14:06:34 -0700 (PDT)
From: Benjamin Franz <snowhare () nihongo org>
Subject: BIND 9.2.1 crashes
To: incidents () securityfocus com

This is going to necessarily be sketchy on details because I don't have many. In the last 48 hours I've had two nameservers on completely separate subnets crash with no indication as to what crashed them. Both nameservers are running BIND 9.2.1 (One system is running RH 7.3, BIND 9.2.1-1.7x.2. The other system is running RH 7.2, BIND 9.2.1-1.7x.2).

The named on the RH7.3 system 'tied itself in a knot' without formally dying - it just stopped doing name service after a lot of 'no more recursive clients: quota reached' messages (related to a maillist mailing I believe initially - but this had stopped before I was called in - at which time the named was still refusing service, but hadn't logged anything in 40 minutes). The named on the RH7.2 system completely died with no logged messages at all about 18 hours after the RH7.3 system problem, with no unusual activity preceding its death - it just stopped for no apparent reason.

The 7.2 system has been running for several months with no issues. The 7.3 system was brought online a week ago - and had no trouble until this.

Has anyone else been seeing BIND crashes on previously stable systems in the last week?

--
Benjamin Franz

Gauss's law is always true, but it is not always useful.
   -- David J. Griffiths, "Introduction to Electrodynamics"