Exploitation scripts list? OS/Bind version.

stuart nichols binduser at stac.state.tx.us
Tue Apr 3 21:12:16 UTC 2001 

On Tue, 3 Apr 2001, Jim Reid wrote:

stuart> Thanks.  I've looked both these places, and they have very
stuart> little in the way of Operating System specifics.  In my
stuart> talk tomorrow I will be targeting managers who will be
stuart> deciding whether or not to send their technical people to
stuart> the bind upgrade seminar.  They will not, for the most
stuart> part, know whether they are on 4.9.5 or 8.1.2 of bind.
stuart> They will, almost certainly, know if their machines run
stuart> FreeBSD, RedHat Linux, or True-64 Unix.

Jim> You asked about info on BIND security holes.

Uh... No I didn't.  Look at the subject line.

Jim> I gave you references.  Those holes can be exploited irrespective of
Jim> what version of UNIX that the vulnerable version of BIND runs on.
Jim> They are not OS specific.  The holes are specific to old versions of
Jim> BIND.

I'm quite aware of which Bind versions are vunerable, and even why,
right down to the code.  I was on this list a long time before I
first noticed YOUR name.  Exploiting BIND vunerabilities takes some
very detailed knowledge of the operating system and the way in
which the particular executable was compiled, including options.

Now, I'll try one more time, since if you didn't understand what
I meant, Jim, maybe others didn't, either:

"There are currently scripts in circulation that can exploit the
vunerabilities of old versions of BIND on particular Operating
Systems. I want to know what OSes are known to have been compromised
with such scripts.  Please include OS version number."

I really don't know how to word the question any clearer than
that, Jim, so if you don't understand why I would ask the question,
or you don't want to answer it, FINE.  Other people will (some have,
already), and you aren't required to.

--

stu
stu at stac.state.tx.us

Office: (512) 463-7601
FAX:    (512) 475-4759

stuart nichols
State Technology Assessment Center
Texas Department of Information Resources
300 West 15th Street
Austin  TX  78744

More information about the bind-users mailing list