From owner-freebsd-bugs Wed Aug 13 15:10:06 1997
Return-Path:
Received: (from root@localhost)
        by hub.freebsd.org (8.8.5/8.8.5) id PAA02443
        for bugs-outgoing; Wed, 13 Aug 1997 15:10:06 -0700 (PDT)
Received: (from gnats@localhost)
        by hub.freebsd.org (8.8.5/8.8.5) id PAA02431;
        Wed, 13 Aug 1997 15:10:02 -0700 (PDT)
Resent-Date: Wed, 13 Aug 1997 15:10:02 -0700 (PDT)
Resent-Message-Id: <199708132210.PAA02431@hub.freebsd.org>
Resent-From: gnats (GNATS Management)
Resent-To: freebsd-bugs
Resent-Reply-To: FreeBSD-gnats@FreeBSD.ORG, zigg@iserv.net
Received: (from nobody@localhost)
        by hub.freebsd.org (8.8.5/8.8.5) id PAA02043;
        Wed, 13 Aug 1997 15:06:00 -0700 (PDT)
Message-Id: <199708132206.PAA02043@hub.freebsd.org>
Date: Wed, 13 Aug 1997 15:06:00 -0700 (PDT)
From: zigg@iserv.net
To: freebsd-gnats-submit@FreeBSD.ORG
X-Send-Pr-Version: www-1.0
Subject: bin/4299: named is vulnerable to DNS spoofing
Sender: owner-freebsd-bugs@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

>Number:         4299
>Category:       bin
>Synopsis:       named is vulnerable to DNS spoofing
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Aug 13 15:10:00 PDT 1997
>Last-Modified:
>Originator:     Matt Behrens
>Organization:
>Release:        2.2.2-RELEASE
>Environment:
FreeBSD megaweapon.zigg.net 2.2.2-RELEASE FreeBSD 2.2.2-RELEASE #0: Fri Jun 13 03:02:39 EDT 1997 root@megaweapon.zigg.net:/usr/src/sys/compile/MEGAWEAPON i386
>Description:
The named included with 2.2.2-RELEASE (4.9.4-p1) is vulnerable to
DNS spoofing by renegade domain name servers. This spoofing can
cause the host to grant access to spoofed hosts with services that
rely on hostname authentication, such as the infamous "r" daemons.
It can also redirect mail to other hosts or into the great void
easily, as well as prevent your access to services on certain hosts.
>How-To-Repeat:
Visit http://apostols.org/toolz/dnshack.cgi.
This will insert a bogus name into your cache. After visiting this
page, you will note that nslookup returns an address for this name.
>Fix:
Upgrade bind to the latest version, 8.1.1. Note that this requires
replacing named.boot with named.conf, which can be taken care of
with an included Perl script.
>Audit-Trail:
>Unformatted: