It's on ISC:
http://isc.sans.edu/diary.html?n&storyid=12049
c
-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of Security
Sent: Wednesday, November 16, 2011 1:25 AM
To: security-basics (at) securityfocus (dot) com [email concealed]
Subject: 0day BIND vuln/exploit?
Hey guys,
Wondering if anyone is aware of a 0day BIND vuln/expl floating around in
the wild. A few networks have got`n hit and Id like to make sure mine is
ready if an attack does find its way to my door steps.
Some logs from a friends network that did get hit with it:
Nov 15 20:50:17 nc-ns-2 named[2859]: query.c:1781: INSIST(!
dns_rdataset_isassociated(sigrdataset)) failed
Nov 15 20:50:17 nc-ns-2 named[2859]: exiting (due to assertion failure)
[5111275.374242] UDP: short packet: From 194.116.73.150:0 52376/1480 to
dst-IP-x.x.x.x:0
[5111788.558808] UDP: short packet: From 216.86.101.76:0 52376/1480 to
dst-IP-x.x.x.x:0
[5111910.128768] UDP: short packet: From 194.116.73.150:0 52376/1480 to
dst-IP-x.x.x.x:0
[5112394.335742] UDP: short packet: From 216.86.101.76:0 52376/1480 to
dst-IP-x.x.x.x:0
[5115826.265834] UDP: short packet: From 50.0.0.0:0 52376/1480 to
dst-IP-x.x.x.x:0
(dst-IP-x.x.x.) used to hid his real dns ip of course
nc-nscache-2:~# dpkg -l | grep bind
ii bind9 1:9.6.ESV.R4+dfsg-0+lenny3
Internet Domain Name Server
we found a few links to cvs with a vuln like this one but they have
since all been fixed/updated.
With all do respect please don't reply with "solution = don't run bind"
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
http://isc.sans.edu/diary.html?n&storyid=12049
c
-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of Security
Sent: Wednesday, November 16, 2011 1:25 AM
To: security-basics (at) securityfocus (dot) com [email concealed]
Subject: 0day BIND vuln/exploit?
Hey guys,
Wondering if anyone is aware of a 0day BIND vuln/expl floating around in
the wild. A few networks have got`n hit and Id like to make sure mine is
ready if an attack does find its way to my door steps.
Some logs from a friends network that did get hit with it:
Nov 15 20:50:17 nc-ns-2 named[2859]: query.c:1781: INSIST(!
dns_rdataset_isassociated(sigrdataset)) failed
Nov 15 20:50:17 nc-ns-2 named[2859]: exiting (due to assertion failure)
[5111275.374242] UDP: short packet: From 194.116.73.150:0 52376/1480 to
dst-IP-x.x.x.x:0
[5111788.558808] UDP: short packet: From 216.86.101.76:0 52376/1480 to
dst-IP-x.x.x.x:0
[5111910.128768] UDP: short packet: From 194.116.73.150:0 52376/1480 to
dst-IP-x.x.x.x:0
[5112394.335742] UDP: short packet: From 216.86.101.76:0 52376/1480 to
dst-IP-x.x.x.x:0
[5115826.265834] UDP: short packet: From 50.0.0.0:0 52376/1480 to
dst-IP-x.x.x.x:0
(dst-IP-x.x.x.) used to hid his real dns ip of course
nc-nscache-2:~# dpkg -l | grep bind
ii bind9 1:9.6.ESV.R4+dfsg-0+lenny3
Internet Domain Name Server
we found a few links to cvs with a vuln like this one but they have
since all been fixed/updated.
With all do respect please don't reply with "solution = don't run bind"
Cheers
-Payam
------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------
------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------
[ reply ]