Bind 8 Transaction Signatures Heap Overflow Vulnerability

Jim Reid jim at rfc1035.com
Tue Jan 30 17:01:00 UTC 2001


>>>>> "Roeland" == Roeland Weve <roeland at office.netland.nl> writes:

    Roeland> Does anybody know how you can check if your server is
    Roeland> hacked with one of the following methods: 
    Roeland> - Bind 8 Transaction Signatures Heap Overflow Vulnerability
    Roeland> - Bind 8 Transaction Signatures Buffer Overflow Vulnerability

    Roeland> Will it show up in some log files?

Probably not. The first thing an attacker usually does after gaining
entrance is destroy all evidence that shows how they got in. The next
thing they generally do is leave some obvious sign that they've got
in. Like trashing the file system, installing back doors, adding
entries to the password file, etc, etc.

The vulnerabilities announced yesterday have been demonstrated in the
lab. As far as anyone knows they have not been found "in the wild" yet.
Not that that proves things one way or the other. However, given the fact
that the exploits are now known, it can only be a matter of time
before the script kiddies have new malware for attacking name servers.

