[security] bind ??
Jakub Bogusz
qboosh at pld.org.pl
Fri, 7 Mar 2003, 12:31:28 CET
On Fri, Mar 07, 2003 at 12:17:03PM +0100, Michał J. Podyma wrote:
> hello!
>
> Does anyone know what is going on with this bind? Apart from the
> information in the changelog [1319, 1319] I have not found anything more.
Who the hell knows; they have been talking about it on bugtraq for 3 days.
Recently the following information appeared:
| Problem Description:
| ISC has discovered or has been notified of several bugs which
| can result in vulnerabilities of varying levels of severity in
| BIND as distributed by ISC. Upgrading to BIND version 9.2.2
| is strongly recommended.
(Michael Walton / Sorcerer)
| I'm rather puzzled by it too :-). Some days before the 9.2.2
| release, my 9.2.1 nameserver was getting repeatedly killed (with an
| assertion failure) by a stream of DNS queries over TCP from one of our
| users. Every time I restarted it, it would die again within a few seconds.
| We "solved" the problem by blocking traffic from the customer who was
| generating all the TCP queries.
|
| I reported this to ISC, and was informed that this was fixed in 9.2.2rc1
| (but my request for more details was ignored).
|
| So, if nothing else, I consider 9.2.2 to be a fix for a denial of service
| problem.
(Scott Wunsch)
> Maybe it would be worth updating it in ra?? Just in case???
>
> <changes>
> ...
> 1319. [func] libbind: log attempts to exploit #1318.
> 1318. [bug] libbind: Remote buffer overrun.
> ...
> </changes>
One overflow in libbind was patched by sec-from-833.patch.
Whether that is all of it, I am not sure - there are more changes in libbind,
some of which are hard for me to assess without digging into them for longer.
--
Jakub Bogusz http://cyber.cs.net.pl/~qboosh/
More information about the pld-devel-pl mailing list