Exploitation scripts list? OS/Bind version.

[stuart nichols]

On Tue, 3 Apr 2001, Jim Reid wrote:

> stuart> If you know of any scripts that exploit particular
> stuart> operating systems with particular versions of bind, please
> stuart> let me know the specific combinations.  I do NOT need the
> stuart> scripts.  I want people to sit up and listen tomorrow and
> stuart> say to themselves "Hey, that's what MY system is!"  Any
> stuart> help will be appreciated.

> Start at the ISC's BIND security announcement and then follow that up
> with a search of the CERT advisories.

> http://www.isc.org/products/BIND/bind-security.html
> http://www.cert.org

Thanks.  I've looked both these places, and they have very little
in the way of Operating System specifics.  In my talk tomorrow
I will be targeting managers who will be deciding whether or not
to send their technical people to the bind upgrade seminar.  They
will not, for the most part, know whether they are on 4.9.5 or
8.1.2 of bind.  They will, almost certainly, know if their machines
run FreeBSD, RedHat Linux, or True-64 Unix.

I need to know of known scripts for exploiting a particular
operating system version, such as Glorp Linux, Version 6.2.
Anyone that knows of even one such exploitation script, please
let me know.  I don't need the script, and I don't need to
know how to find the script.  I just need the OS/OS version number.
I want to light a fire under the managers sitting in the audience
so that they will know that their particular OS version has been
compromised somewhere else.  It will help them face the facts.

--

stu
binduser at stac.state.tx.us

Office: (512) 463-7601
FAX:    (512) 475-4759

stuart nichols
State Technology Assessment Center
Texas Department of Information Resources
300 West 15th Street
Austin  TX  78744