[LONG] Re: Bind growth
Brad Knowles
brad.knowles at skynet.be
Wed Mar 21 16:34:07 UTC 2001
At 4:38 PM +0100 3/21/01, Roy Arends wrote:
> btw, I've included (below) the CHANGES delta from 8.2.2-P5 / 8.2.3-REL to
> convince you.
[ ... deletia ... ]
> Try it and check again, but as I said, it's better to upgrade. Good chance
> that the 8.2.2p5 core-dump is a result of malicous packets nocking on the
> server.
>
> Regards,
>
> Roy Arends
> Nominum
> ----------------------
> --- 8.2.3-REL released ---
>
> 1139. [bug] inet_{net_,}ntop() had an off-by-one error.
[ ... deletia ... ]
> 896. [contrib] add contrib/adm/adm-nxt, an exploit for the NXT bug
> in 8.2 and 8.2.1. as before, we do not recommend its
> use, and we do recommend that you run the latest BIND.
>
> --- 8.2.2-P5 released ---
BTW, in case someone is *still* not convinced, then I suggest
that they do the math -- subtract 896 from 1139, and you'll note that
there were 243 bugs fixed between those two version numbers.
This is a gargantuan, huge, monstrous, massive, incredible,
unbelievable number of bugs that are fixed, but of course some of
them are more serious than others. The most serious of which are
those bugs which cause the machine to be easily exploitable via
script-kiddie automated "rootkit" attacks, which are very well known
(and frequently used) for BIND versions earlier than 8.2.3.
Moral of the story: GO AHEAD AND JUST DO THE BLOODY UPGRADE ALREADY!!!
P.S. Sorry Roy -- I didn't mean for it to sound like I'm screaming at you.
--
Brad Knowles, <brad.knowles at skynet.be>
/* efdtt.c Author: Charles M. Hannum <root at ihack.net> */
/* */
/* Thanks to Phil Carmody <fatphil at asdf.org> for additional tweaks. */
/* */
/* Length: 434 bytes (excluding unnecessary newlines) */
/* */
/* Usage is: cat title-key scrambled.vob | efdtt >clear.vob */
/* where title-key = "153 2 8 105 225" or other similar 5-byte key */
#define m(i)(x[i]^s[i+84])<<
unsigned char x[5],y,s[2048];main(n){for(read(0,x,5);read(0,s,n=2048);write(1,s
,n))if(s[y=s[13]%8+20]/16%4==1){int i=m(1)17^256+m(0)8,k=m(2)0,j=m(4)17^m(3)9^k
*2-k%8^8,a=0,c=26;for(s[y]-=16;--c;j*=2)a=a*2^i&1,i=i/2^j&1<<24;for(j=127;++j<n
;c=c>y)c+=y=i^i/8^i>>4^i>>12,i=i>>8^y<<17,a^=a>>14,y=a^a*8^a<<6,a=a>>8^y<<9,k=s
[j],k="7Wo~'G_\216"[k&7]+2^"cr3sfw6v;*k+>/n."[k>>4]*2^k*257/8,s[j]=k^(k&k*2&34)
*6^c+~y;}}
More information about the bind-users
mailing list