From owner-freebsd-security Thu Nov 9 10:16:39 2000
Delivered-To: freebsd-security@freebsd.org
Received: from athena.za.net (athena.za.net [196.30.167.200])
    by hub.freebsd.org (Postfix) with ESMTP id 4BC3E37B4D7
    for ; Thu, 9 Nov 2000 10:16:31 -0800 (PST)
Received: from localhost (jus@localhost)
    by athena.za.net (8.9.3/8.9.3) with ESMTP id SAA00383;
    Thu, 9 Nov 2000 18:18:38 GMT (envelope-from jus@security.za.net)
X-Authentication-Warning: athena.za.net: jus owned process doing -bs
Date: Thu, 9 Nov 2000 20:18:32 +0200 (SAST)
From: Justin Stanford
X-Sender: jus@athena.za.net
To: Michael Bryan
Cc: freebsd-security@freebsd.org
Subject: Re: DOS vulnerability in BIND 8.2.2-P5
In-Reply-To: <3A0AE5DF.39893E59@ursine.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I could not get my 4.1.1-STABLE machine's named to crash no matter what I
did. Reports indicate any of the 4.x-STABLE branch are not vulnerable.

--
Justin Stanford
082 7402741
jus@security.za.net
www.security.za.net
IT Security and Solutions

On Thu, 9 Nov 2000, Michael Bryan wrote:

>
> For those who haven't yet seen the messages in BugTraq, there is
> a DOS vulnerability in BIND 8.2.2-P5. Sending a ZXFR request to
> a server can cause it to crash. (The crash might happen a few
> minutes after the ZXFR request, as it sets something up for a later
> failure.) If BIND is setup to restrict zone transfers to only those
> hosts that you trust, only those hosts can trigger the bug, so that's
> the easiest way to protect yourself. Sites that don't have an
> "allow-transfer" acl restriction on zone transfers are wide open to
> this DOS attack, though, and there are apparently a lot of sites
> which are wide open like this.
>
>
> The original BugTraq article is here:
>
> http://www.securityfocus.com/archive/1/143843
>
> It appears that 8.2.3-T5B, 8.2.3-T6B and 9.0.0 are not vulnerable,
> but 8.2.2-P3 and 8.2.2-P5 have been confirmed to be vulnerable under
> FreeBSD.
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message