Re: BIND holes
On Tue, 30 Jan 2001 jeremy.caudle@uk.abnamro.com wrote:
> just a quick bit of clarification so I can stir the merde un petit peu
> in the office ...
>
> Is my understanding of today's mails correct such that :-
>
> The packaged version of BIND for OpenBSD does not have the security holes
> in it that are being discussed elsewhere today. They were fixed in 1997 by
> Theo.

I had a (quick) look at the source and if I am not mistaken that is true
for the buffer overflow vulnerabilities that could potentially allow an
attacker to run arbitrary code (CERT VU#572183 and VU#868916). I don't
guarantee that I haven't overlooked anything, it would be nice if someone
else can have a look at it too.

There is one more vulnerability for bind 4.9.7 (CERT VU#325431) that I
don't think is fixed. According to the advisory it allows an attacker to
'obtain information from systems running BIND', but not to run arbitrary
code. The advisory hints that the information that can be disclosed is the
environment variables. I haven't looked into this at all.

I haven't looked at the ports for bind8 or bind9.

Disclaimer: I don't guarantee that my conclusions are correct. Anyone
concerned should read the advisory and the source themselves to verify
what I say.

Andreas
--
Andreas Gunnarsson <andreas@crt.se>
+46 31 7014268