Date:      Sun, 25 Mar 2001 14:30:48 -0800
From:      Kris Kennaway <kris@obsecurity.org>
To:        Bill Moran <wmoran@iowna.com>
Cc:        Jim Durham <durham@w2xo.pgh.pa.us>, "Conrad T. Pino" <Conrad@Pino.com>, freebsd-questions@FreeBSD.ORG
Subject:   HEADS UP: BIND 8.2.3 INSECURITY (Re: BIND 8.2.3 Crashing Question)
Message-ID:  <20010325143048.C45772@xor.obsecurity.org>
In-Reply-To: <3ABE1342.4A9CDFFF@iowna.com>; from wmoran@iowna.com on Sun, Mar 25, 2001 at 10:48:18AM -0500
References:  <Pine.BSF.4.21.0103242222120.391-100000@shazam.int> <3ABE1342.4A9CDFFF@iowna.com>


On Sun, Mar 25, 2001 at 10:48:18AM -0500, Bill Moran wrote:

> I have also seen trouble with BIND crashing on a 4.2-STABLE machine.
> Looking at it, this is 8.2.3-T6B
> Was that a Beta release? If so, I'd better upgrade before I complain too
> much. I thought I had grabbed a production release, but I don't even see
> T6B listed on the site.

Yet another person who has managed to stumble through the minefield
for the past 2 months oblivious to the screams of everyone else to
stop.  Those crashes are root exploit attempts, possibly successful
ones.  See the security advisory from 2 months ago, and please
subscribe to one of the mailing lists which carries them to save
yourself the trouble and embarrassment in the future (see
www.freebsd.org/security).

8.2.3-REL is the *only* BIND 8 version which isn't vulnerable to this!

Sorry to rant at you, Bill, but the number of times this question has
been answered on FreeBSD lists, the amount of mainstream and internet
media coverage this problem got, and the amount of information about
the topic available on the internet makes me wonder just what it takes
to get through to people.

Chances are your machine(s) have been compromised, and you should
treat it as such: back up the data, wipe the machine and reinstall it
from trusted media, then selectively restore the data, being careful
not to reinstall anything corrupted by the attacker.

Kris

