Known exploits for bind 4
Mark_Andrews at iengines.com
Mark_Andrews at iengines.com
Tue Nov 16 21:30:19 UTC 1999
> > I am trying to convince my employer to upgrade to Bind 8 but I ma
> > getting some resistance from the "if'n it's good 'nuff fer my daddy,
> > it's good 'nuf fer me" types. The Winbigots are resisting too
> > becasue they want to deploy MS DNS when NT5 arrives and figure delaying
> > bind 8 will help their cause.
> >
> > One thing that might help me to convince the bosses is the security
> > problems with the bind 4.8 we are using. I have checked teh usual
> > cracker sites but none list anything for bind 4.older.than.dirt. Is
> > there a listing of known exploits for such an early versions of bind?
>
> There's a nice index at
> http://www.isc.org/products/BIND/bind-security-19991108.html that might
> help, though it doesn't provide much ammo
> for truly ancient versions of BIND.
>
> cricket
>
> Acme Byte & Wire
> cricket at acmebw.com
> www.acmebw.com
>
> Attend the next Internet Software Consortium/Acme Byte & Wire
> DNS and BIND class! See www.acmebw.com/training.htm for
> the schedule and to register for upcoming classes.
>
>
With truly ancient BINDs I can add records to the zones it is
serving as there are no checks against this. This is what got
me into fixing BIND back in 1992.
Mark
--
Mark Andrews, Internet Engines Inc. / Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at iengines.com
More information about the bind-users
mailing list