On Sat, Aug 1, 2009 at 3:25 PM, yersinia <[email protected]> wrote:
> On Fri, Jul 31, 2009 at 5:58 PM, Kingcope<[email protected]> wrote: > > Hello people, > > Yes there is a warning when the PoC is compiled. But I guess that is > > not a big issue. > > No, problem. It is only necessary to include stdlib.h because malloc > is implicitily defined (gcc complaint). Anyway, your POC work as > aspected. Thanks. In this days it is difficult to see a true exploit > in a mailing list. The fact that bug was discovered from someone else > is not important : you have rewritten in another language, so it is > only your work. > > Regards > > So about what PoC am I talking about? > > It seems that the moderator of bugtraq keeps blocking me because of fancy > > headlines maybe. The moderator of bugtraq blocked the actual exploit but > let > > the following messages slip through. The PoC is on milw0rm.com and > > full disclosure. > > Thanks for clarifying the issue with the zones, I really have not a > > 100% understanding > > of the DNS protocol therefore I took a guess on my named.conf file and > put the > > address into the PoC. > > > > Thanks for your time, > > > > Kingcope > > > > > > 2009/7/31 yersinia <[email protected]>: > >> Repost for mailing problem. > >> On Fri, Jul 31, 2009 at 12:14 AM, yersinia <[email protected]> > wrote: > >>> > >>> On Thu, Jul 30, 2009 at 1:24 PM, Kingcope <[email protected]> > wrote: > >>>> > >>>> Hello again, > >>>> the default setting of 127.in-addr.arpa is a bit weird > >>>> > >>>> try > >>>> ./bind <ip> localhost > >>> > >>> Never mind. I have only a warning from gcc because it was necessary to > include stdlib.h for malloc. > >>> > >>> But, the important thing is that it works as aspected. > >>> > >>> Regards > >>>> > >>>> lewls > >>>> > >>>> XD > >>>> > >>>> kcope > >>>> > Hello all, By reading the US-CERT vulnerability issue (CVE-2009-0696) I found this : "The vulnerability affects all servers that are masters for one or more zones and is not limited to those that are configured to allow dynamic updates ". I have some Infoblox master DNS servers with not-allowed dynamic updates, so I'm wondering if they are vulnerable to this attack and if somebody test this PoC on a DNS server which not allow dynamic updates? What is the comportement in this case? Thanks for the help, -- taha
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
