[LONG] Re: Bind growth

Brad Knowles brad.knowles at skynet.be
Wed Mar 21 16:34:07 UTC 2001


At 4:38 PM +0100 3/21/01, Roy Arends wrote:

>  btw, I've included (below) the CHANGES delta from 8.2.2-P5 / 8.2.3-REL to
>  convince you.

	[ ... deletia ... ]

>  Try it and check again, but as I said, it's better to upgrade. Good chance
>  that the 8.2.2p5 core-dump is a result of malicious packets knocking on the
>  server.
>
>  Regards,
>
>  Roy Arends
>  Nominum
>  ----------------------
>  	--- 8.2.3-REL released ---
>
>  1139.	[bug]		inet_{net_,}ntop() had an off-by-one error.

	[ ... deletia ... ]

>   896.	[contrib]	add contrib/adm/adm-nxt, an exploit for the NXT bug
>  			in 8.2 and 8.2.1.  as before, we do not recommend its
>  			use, and we do recommend that you run the latest BIND.
>
>  	--- 8.2.2-P5 released ---

	BTW, in case someone is *still* not convinced, then I suggest 
that they do the math -- subtract 896 from 1139, and you'll note that 
there were 243 bugs fixed between those two version numbers.

	This is a gargantuan, huge, monstrous, massive, incredible, 
unbelievable number of bugs that are fixed, but of course some of 
them are more serious than others.  The most serious of these are 
those bugs which cause the machine to be easily exploitable via 
script-kiddie automated "rootkit" attacks, which are very well known 
(and frequently used) for BIND versions earlier than 8.2.3.


	Moral of the story: GO AHEAD AND JUST DO THE BLOODY UPGRADE ALREADY!!!




P.S.  Sorry Roy -- I didn't mean for it to sound like I'm screaming at you.

--
Brad Knowles, <brad.knowles at skynet.be>

/*     efdtt.c     Author:  Charles M. Hannum <root at ihack.net>             */
/*                                                                         */
/*     Thanks to Phil Carmody <fatphil at asdf.org> for additional tweaks.    */
/*                                                                         */
/*     Length:  434 bytes (excluding unnecessary newlines)                 */
/*                                                                         */
/*     Usage is:  cat title-key scrambled.vob | efdtt >clear.vob           */
/*     where title-key = "153 2 8 105 225" or other similar 5-byte key     */

#define m(i)(x[i]^s[i+84])<<
unsigned char x[5],y,s[2048];main(n){for(read(0,x,5);read(0,s,n=2048);write(1,s
,n))if(s[y=s[13]%8+20]/16%4==1){int i=m(1)17^256+m(0)8,k=m(2)0,j=m(4)17^m(3)9^k
*2-k%8^8,a=0,c=26;for(s[y]-=16;--c;j*=2)a=a*2^i&1,i=i/2^j&1<<24;for(j=127;++j<n
;c=c>y)c+=y=i^i/8^i>>4^i>>12,i=i>>8^y<<17,a^=a>>14,y=a^a*8^a<<6,a=a>>8^y<<9,k=s
[j],k="7Wo~'G_\216"[k&7]+2^"cr3sfw6v;*k+>/n."[k>>4]*2^k*257/8,s[j]=k^(k&k*2&34)
*6^c+~y;}}

