From: Bill Munger
Date: Thu, 09 Nov 2000 14:28:07 -0500
To: freebsd-security@freebsd.org
Subject: Re: DOS vulnerability in BIND 8.2.2-P5
Message-ID: <3A0AFAC7.E5A7D470@nrmail.com>

This DoS has no effect on my FreeBSD 4.1-RC2 machine running bind-8.2.2-P5. Bind was compiled from source retrieved from the ISC website, it is not the FreeBSD integrated version. All compile time options are the defaults.

The only effect this attack had on the target machine was to place the following in the logs each time:

    Nov 9 13:14:18 hermes named[112]: approved ZXFR from [172.23.200.3].1602 for "zonehead.org"
    Nov 9 13:14:18 hermes named[112]: unsupported XFR (type ZXFR) of "zonehead.org" (IN) to [172.23.200.3].1602

The transfer is allowed by the "allow-transfer" directive, but ZXFR is unsupported, and named continues to function normally.

Again, bind-8.2.2-P5 direct from ISC does not seem to be vulnerable in this configuration.

That is all.
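Added example, not part of the original message: a log check built on the two named messages quoted above, counting ZXFR requests per client and zone. The function names, the constructed sample lines, and the idea that an "approved" line with no "unsupported" follow-up deserves a look are assumptions of this example.

```python
import re
from collections import defaultdict

# Patterns follow the two named[] messages quoted in the post.
APPROVED = re.compile(
    r'named\[\d+\]: approved (?P<type>\w+) from '
    r'\[(?P<ip>[^\]]+)\]\.(?P<port>\d+) for "(?P<zone>[^"]*)"')
UNSUPPORTED = re.compile(
    r'named\[\d+\]: unsupported XFR \(type (?P<type>\w+)\) of '
    r'"(?P<zone>[^"]*)" \(\w+\) to \[(?P<ip>[^\]]+)\]\.(?P<port>\d+)')

SAMPLE = [
    # First two lines are the ones quoted in the post.
    'Nov 9 13:14:18 hermes named[112]: approved ZXFR from [172.23.200.3].1602 for "zonehead.org"',
    'Nov 9 13:14:18 hermes named[112]: unsupported XFR (type ZXFR) of "zonehead.org" (IN) to [172.23.200.3].1602',
    # Constructed lines: a ZXFR with no follow-up, and an ordinary AXFR.
    'Nov 9 13:20:01 hermes named[112]: approved ZXFR from [192.0.2.10].2001 for "example.org"',
    'Nov 9 13:21:40 hermes named[112]: approved AXFR from [192.0.2.11].2044 for "example.org"',
]

def zxfr_attempts(lines):
    """Count ZXFR log events per (client IP, zone).

    'approved' = request passed allow-transfer;
    'unsupported' = named then declined because it cannot serve ZXFR.
    """
    stats = defaultdict(lambda: {"approved": 0, "unsupported": 0})
    for line in lines:
        for kind, pattern in (("approved", APPROVED),
                              ("unsupported", UNSUPPORTED)):
            m = pattern.search(line)
            if m and m.group("type") == "ZXFR":
                stats[(m.group("ip"), m.group("zone"))][kind] += 1
    return dict(stats)

def unanswered(stats):
    """Approved ZXFR requests lacking the 'unsupported' follow-up line.

    Assumption: on the host in the post every request produced both lines,
    so a shortfall may mean named did not finish handling the request.
    """
    return {key: c["approved"] - c["unsupported"]
            for key, c in stats.items() if c["approved"] > c["unsupported"]}

if __name__ == "__main__":
    summary = zxfr_attempts(SAMPLE)
    for (ip, zone), counts in summary.items():
        print(ip, zone, counts)
    print("no follow-up:", unanswered(summary))
```

Any client appearing in the summary at all is requesting a transfer type that ordinary secondaries do not use against this server, so the per-client counts are also a starting point for tightening "allow-transfer".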