Bind 8.3.3. What does a buffer exploit attempt look like?
Mark_Andrews at isc.org
Mark_Andrews at isc.org
Wed Jul 3 03:17:34 UTC 2002
>
>
> Hi,
>
> When BIND 8.3.3 logs a remote buffer overrun what
> will the log indicate ?
libbind:
"gethostans: possible attempt to exploit buffer overflow while looking up %s"
named:
"late CNAME in answer section for %s %s from %s"
> I've seen some malformed responses in the security log. Before upgrading
> I had many messages like 'ns_resp: TCP truncated:' on the console.
This just means that the answer was truncated even after
falling back to TCP. Web hosters that think that they need
a PTR record for every virtual site are the main offenders.
I make you wonder what else they don't know.
> TIA, TW
>
>
>
> _________________________________________________________________
> Join the worlds largest e-mail service with MSN Hotmail.
> http://www.hotmail.com
>
>
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at isc.org
More information about the bind-users
mailing list