Code Red : Stack Smash in bind 9.3.3

Ajith Vargese Thampi ajith.thampi at gmail.com
Mon Jan 29 02:24:54 UTC 2007


On 1/29/07, Mark Andrews <Mark_Andrews at isc.org> wrote:
>
>
> > Still a problem with the latest 9.3.4 series.
>
>         Which is not surprising given that BIND 9.3.4 didn't claim to
>         fix it.  Also we haven't managed to reproduce it.  You haven't
>         responded to our latest queries from bind9-bugs, which is where
>         this really should have been raised in the first place.

Sorry about that. I have not subscribed to bind-9 bugs so didn't receive much
there.

>         GCC 3.x.x does not define the compiler.


GCC 3.4.4

>         To have a chance of fixing this we need to be able to
>         reproduce it.  Complaining here that it is not fixed really
>         isn't productive.


I am attaching an strace report ( strace -s 8192 -xx ....) so that you could
get a better idea.

> > Stack smash attack on function query_find.
> > Attaching the straced output. any other way of getting the details you
> > require?
> >
> > On 1/12/07, Neil Kettle <mu-b at 65535.com> wrote:
> > >
> > > hmmm, it is rather interesting that you should say that as I do know
> > > that there exists a bind9.x remote root 0day exploit. However, I do not
> > > have a copy nor know where the vulnerability is, but can definitely
> > > confirm that an exploit exists.
> > >
> > > Do you have a more detailed stack trace?, I have been performing an audit
> > > of the bind9 sources and found a couple of issues, one off-by-one in named
> > > (that may be reachable, but appears non-exploitable) and another complete
> > > smash that is totally unexploitable.
> > > --
> > >
> > >
> > > ---------------------------------------------------------------------------
> > > mu-b
> > >
> >
> >
> >
> > --
> > Thanks and Regards
> > Aristo
> > Mob # +91 9980089699
> > Registered Linux User #415170
> >
> >
> >
> >
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
>



-- 
Thanks and Regards
Aristo
Mob # +91 9980089699
Registered Linux User #415170




