[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] debian bug report on bind9 DoS
From:       Solar Designer <solar () openwall ! com>
Date:       2009-07-29 13:48:19
Message-ID: 20090729134819.GA29121 () openwall ! com
[Download RAW message or body]

On Wed, Jul 29, 2009 at 05:15:09PM +0400, Solar Designer wrote:
> Confirmed on 9.3.5-P2 (removing the "$packet->sign_tsig(...)" line from
> the exploit as above) with whatever patches we happened to have until
> this latest fix.

It gets worse: I was also able to crash named from an IP address
explicitly denied in "allow-query".  I did verify that non-malicious
queries from that IP address were indeed correctly denied.

It appears that BIND does too much processing too early in the code.

Alexander
[prev in list] [next in list] [prev in thread] [next in thread]