Code Red : Stack Smash in bind 9.3.3

Mark Andrews Mark_Andrews at isc.org
Mon Jan 29 01:21:54 UTC 2007


> Still a problem with the latest 9.3.4 series.

	Which is not surprising given that BIND 9.3.4 didn't claim to
	fix it.  Also we haven't managed to reproduce it.  You haven't
	responded to our latest queries from bind9-bugs, which is where
	this really should have been raised in the first place.

	GCC 3.x.x does not define the compiler.

	To have a chance of fixing this we need to be able to
	reproduce it.  Complaining here that it is not fixed really
	isn't productive.

> Stack smash attack on function query_find.
> Attaching the straced output. any other way of getting the details you
> require?
> 
> On 1/12/07, Neil Kettle <mu-b at 65535.com> wrote:
> >
> > hmmm, it is rather interesting that you should say that as I do know
> > that there exists a bind9.x remote root 0day exploit. However, I do not
> > have a copy nor know where the vulnerability is, but can definitely
> > confirm that an exploit exists.
> >
> > Do you have a more detailed stack trace?, I have been performing an audit
> > of the bind9 sources and found a couple of issues, one off-by-one in named
> > (that may be reachable, but appears non-exploitable) and another complete
> > smash that is totally unexploitable.
> > --
> >
> > ---------------------------------------------------------------------------
> > mu-b
> >
> 
> -- 
> Thanks and Regards
> Aristo
> Mob # +91 9980089699
> Registered Linux User #415170
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org