ok, can you test this program ? Because I effectively think that the last
version of bind is secure, but when I test this program on a FreeBsd Unix,
before and after the patch, there is a difference. After the Freebsd is
unsecure, after the patch, it is not vulnerable ...
This program has been posted to a security mailing list.
These are words from the guy:
>Attached is a program written to test for vulnerability to the fake
>inverse query overflow problem. If the person has a new version of bind
>(the versions suggested in the CERT advisory) it will still say they are
>vulnerable. The only true way to test for vulnerability remotely is to
>try to crash or exploit the server.
>
>So, in a nutshell, this program will tell you if the remote host has
>their fake-iquery option turned on.
>
>
>Joshua J. Drake
>(scribbly handwriting here)
>[EMAIL PROTECTED]
Thanks
--
cedric
>-----Original Message-----
>From: Bryan Andregg [mailto:[EMAIL PROTECTED]]
>Sent: Tuesday, May 19, 1998 2:18 PM
>To: [EMAIL PROTECTED]
>Cc: [EMAIL PROTECTED]
>Subject: Re: BIND 4.9.6-7 security hole
>
>
>On Tue, 19 May 1998 10:55:12 +0200, "Cedric MARSOT" wrote:
>>I said exactly the same thing when the fix has been posted by
>RedHat. I told
>>them that bind 4.9.6-7 was still vulnerable and they reply to me that the
>>security hole has been corrected ...
>>
>>So I am not the only one that found the problem ....
>
>I maintain that 4.9.6-7 and 4.9.6-1.1 (for 4.2) are not vulnerable. I am
>working with the person who posted the original report to confirm this.
>
>Let me emphasise:
>
> The BIND security problem was reported by Paul Vixie (who maintains
>it) before any announcements were made. This was to ensure that all vendors
>had the patched releases ready to go. The versions listed above are the
>direct result of Paul's patches.
>
> There is currently a script floating around that some people are
>confusing for an exploit. This script (boft) simply checks if the
>server has
>the fake-iquery option turned on or off. This script cannot report as to
>whether or not the binary is vulerable to an attack through this hole.
>
>At this time there has been no exploit posted for bind to the
>security mailing
>lists.
>--
> Bryan C. Andregg * <[EMAIL PROTECTED]> * Red Hat Software
>
>"Hey, wait a minute, you clowns are on dope!"
> -- Owen Cheese in 'Shakes the Clown'
>
boft.tar.gz
