Date: Wed, 13 Aug 1997 15:06:00 -0700 (PDT) From: zigg@iserv.net To: freebsd-gnats-submit@FreeBSD.ORG Subject: bin/4299: named is vulnerable to DNS spoofing Message-ID: <199708132206.PAA02043@hub.freebsd.org> Resent-Message-ID: <199708132210.PAA02431@hub.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 4299 >Category: bin >Synopsis: named is vulnerable to DNS spoofing >Confidential: no >Severity: critical >Priority: high >Responsible: freebsd-bugs >State: open >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Wed Aug 13 15:10:00 PDT 1997 >Last-Modified: >Originator: Matt Behrens >Organization: >Release: 2.2.2-RELEASE >Environment: FreeBSD megaweapon.zigg.net 2.2.2-RELEASE FreeBSD 2.2.2-RELEASE #0: Fri Jun 13 03:02:39 EDT 1997 root@megaweapon.zigg.net:/usr/src/sys/compile/MEGAWEAPON i386 >Description: The named included with 2.2.2-RELEASE (4.9.4-p1) is vulnerable to DNS spoofing by renegade domain name servers. This spoofing can cause the host to grant access to spoofed hosts with services that rely on hostname authentication, such as the infamous "r" daemons. It can also redirect mail to other hosts or into the great void easily, as well as prevent your access to services on certain hosts. >How-To-Repeat: Visit http://apostols.org/toolz/dnshack.cgi. This will insert a bogus name into your cache. After visiting this page, you will note that nslookup returns an address for this name. >Fix: Upgrade bind to the latest version, 8.1.1. Note that this requires replacing named.boot with named.conf, which can be taken care of with an included Perl script. >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199708132206.PAA02043>