Date: Mon, 26 Mar 2001 10:39:56 -0500 From: Bill Moran <wmoran@iowna.com> To: Kris Kennaway <kris@obsecurity.org>, freebsd-questions@freebsd.org Subject: Re: HEADS UP: BIND 8.2.3 INSECURITY (Re: BIND 8.2.3 Crashing Question) Message-ID: <3ABF62CC.1A8846ED@iowna.com> References: <Pine.BSF.4.21.0103242222120.391-100000@shazam.int> <3ABE1342.4A9CDFFF@iowna.com> <20010325143048.C45772@xor.obsecurity.org>
next in thread | previous in thread | raw e-mail | index | archive | help
I've talked to the client and scheduled downtime to rebuild this server tonight. I have a few questions concerning this BIND thing, it seems I've missed some things along the road. 1. Can anyone direct me to a specific place where I can find details on the exploits? The best information I've found so far today is on ISC's site and all they say is that this is "critical" and "exploitable". I need to know just how potentially exploitable, so I can assess whether or not to be concerned that the internal network may have been compromised. 2. What's the opinion on BIND-8.2.3 vs. 9.1? I tend to stay away from anything that looks like beta code (notice how I failed to follow that rule and am paying for it) But it seems like every version of BIND has had problems. Is there good reason to go to 9.1? Should I just bite the bullet and try out djbdns? Any opinions are welcome. -Bill Kris Kennaway wrote: > > On Sun, Mar 25, 2001 at 10:48:18AM -0500, Bill Moran wrote: > > > I have also seen trouble with BIND crashing on a 4.2-STABLE machine. > > Looking at it, this is 8.2.3-T6B > > Was that a Beta release? If so, I'd better upgrade before I complain too > > much. I thought I had grabbed a productin release, but I don't even see > > T6B listed on the site. > > Yet another person who has managed to stumble through the minefield > for the past 2 months oblivious to the screams of everyone else to > stop. Those crashes are root exploit attempts, possibly successful > ones. See the security advisory from 2 months ago, and please > subscribe to one of the mailing lists which carries them to save > yourself the trouble and embarrassment in the future (see > www.freebsd.org/security). > > 8.2.3-REL is the *only* BIND 8 version which isn't vulnerable to this! > > Sorry to rant at you, Bill, but the number of times this question has > been answered on FreeBSD lists, the amount of mainstream and internet > media coverage this problem got, and the amount of information about > the topic available on the internet makes me wonder just what it takes > to get through to people. > > Chances are your machine(s) have been compromised, and you should > treat it as such: back up the data, wipe the machine and reinstall it > from trusted media, then selectively restore the data, being careful > not to reinstall anything corrupted by the attacker. > > Kris > > ------------------------------------------------------------------------ > Part 1.2Type: application/pgp-signature To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3ABF62CC.1A8846ED>