Vulnerability Development mailing list archives
BIND infoleak bug details?
From: gov-boi <gov-boi () HACK CO ZA>
Date: Thu, 1 Feb 2001 23:58:16 +0200
Synopsis: We have a working BIND TSIG exploit that we're looking for a little help to improve. The NAI advisory on the BIND TSIG bug states that: ``The "infoleak" bug, discovered by Claudio Musmarra, and described in CERT advisory CA-2001-02, permits an attacker to remotely retrieve stack frames from named'' Then, according to ISC: http://www.isc.org/products/BIND/bind-security.html ``It is possible to construct a inverse query that allows the stack to be read remotely exposing environment variables.'' Does anyone have details of the exact specifics of this vulnerability, or exactly what type of malformed iquery will trigger this bug? The CERT advisory, as usual, is completely useless.. - anathema / anathema () box co uk
Current thread:
- BIND infoleak bug details? gov-boi (Feb 04)
- Re: BIND infoleak bug details? Lucian Hudin (Feb 05)
- <Possible follow-ups>
- BIND infoleak bug details? Bruce Leidl (Feb 05)