https://deepthought.isc.org/article/AA-00540/81/BIND-9.8.1-P1-Release-Notes.html
Security Fixes
9.8.1-P1
* BIND 9 nameservers performing recursive queries could cache an invalid
record and subsequent queries for that record could crash the resolvers
with an assertion failure. [RT #26590]
-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of Henri Salo
Sent: Wednesday, November 16, 2011 11:58 AM
To: security-basics (at) securityfocus (dot) com [email concealed]
Subject: Re: 0day BIND vuln/exploit?
On Wed, Nov 16, 2011 at 12:25:07AM -0800, Security wrote:
> Hey guys,
>
> Wondering if anyone is aware of a 0day BIND vuln/expl floating
> around in the wild. A few networks have gotten hit and I'd like to
> make sure mine is ready if an attack does find its way to my
> doorstep.
>
> Some logs from a friend's network that did get hit with it:
>
> Nov 15 20:50:17 nc-ns-2 named[2859]: query.c:1781: INSIST(!
> dns_rdataset_isassociated(sigrdataset)) failed
> Nov 15 20:50:17 nc-ns-2 named[2859]: exiting (due to assertion failure)
>
> [5111275.374242] UDP: short packet: From 194.116.73.150:0 52376/1480
> to dst-IP-x.x.x.x:0
> [5111788.558808] UDP: short packet: From 216.86.101.76:0 52376/1480
> to dst-IP-x.x.x.x:0
> [5111910.128768] UDP: short packet: From 194.116.73.150:0 52376/1480
> to dst-IP-x.x.x.x:0
> [5112394.335742] UDP: short packet: From 216.86.101.76:0 52376/1480
> to dst-IP-x.x.x.x:0
> [5115826.265834] UDP: short packet: From 50.0.0.0:0 52376/1480 to
> dst-IP-x.x.x.x:0
>
> (dst-IP-x.x.x.) used to hide his real DNS IP of course
>
> nc-nscache-2:~# dpkg -l | grep bind
> ii bind9 1:9.6.ESV.R4+dfsg-0+lenny3
> Internet Domain Name Server
>
> We found a few links to cvs with a vuln like this one but they have
> since all been fixed/updated.
>
> With all due respect please don't reply with "solution = don't run bind"
>
> Cheers
> -Payam
http://www.isc.org/software/bind/advisories/cve-2011-tbd
http://security-tracker.debian.org/tracker/source-package/bind
Best regards,
Henri Salo
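
One way to spot this crash signature in syslog, as an added example that is not part of the original thread: it parses named's assertion-failure lines and pairs each one with the exit line logged by the same PID. The function names are illustrative, and the sample input is the two named lines from the post (unwrapped) plus lines marked as constructed.

```python
import re
from collections import Counter

# named logs a failed assertion as "<file>:<line>: INSIST(<expr>) failed"
# (REQUIRE/ENSURE/INVARIANT share the shape), followed by an exit line.
ASSERT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\snamed\[(?P<pid>\d+)\]:\s"
    r"(?P<file>[\w./-]+):(?P<line>\d+):\s"
    r"(?P<kind>INSIST|REQUIRE|ENSURE|INVARIANT)\((?P<expr>.*)\)\sfailed"
)
EXIT_RE = re.compile(r"named\[(?P<pid>\d+)\]: exiting \(due to assertion failure\)")

def find_assertion_crashes(lines):
    """Return one dict per failed assertion; 'exited' is True when the same
    named PID also logged the assertion-failure exit line."""
    events, by_pid = [], {}
    for raw in lines:
        m = ASSERT_RE.search(raw)
        if m:
            ev = m.groupdict()
            ev["line"] = int(ev["line"])
            ev["exited"] = False
            events.append(ev)
            by_pid[ev["pid"]] = ev
            continue
        m = EXIT_RE.search(raw)
        if m and m.group("pid") in by_pid:
            by_pid[m.group("pid")]["exited"] = True
    return events

def summarize(events):
    """Count confirmed crashes per assertion site so a repeated site stands out."""
    return Counter((e["file"], e["line"], e["expr"]) for e in events if e["exited"])

# Lines 2-3 are from the post, unwrapped; the others are constructed.
SAMPLE = [
    "Nov 15 20:49:02 nc-ns-2 named[2859]: client 192.0.2.10#5353: query: example.test IN A +",
    "Nov 15 20:50:17 nc-ns-2 named[2859]: query.c:1781: INSIST(!dns_rdataset_isassociated(sigrdataset)) failed",
    "Nov 15 20:50:17 nc-ns-2 named[2859]: exiting (due to assertion failure)",
    "Nov 15 21:03:44 nc-ns-2 named[3012]: query.c:1781: INSIST(!dns_rdataset_isassociated(sigrdataset)) failed",
    "Nov 15 21:03:44 nc-ns-2 named[3012]: exiting (due to assertion failure)",
]

if __name__ == "__main__":
    for site, count in summarize(find_assertion_crashes(SAMPLE)).items():
        print(count, "crash(es) at", site)
```

Repeated crashes at the same assertion site across restarts are what distinguish a triggerable bug, such as the cached invalid record in the release note, from a one-off failure.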