[GTER] RES: Vulnerabilidade DoS no BIND
Cleber A. Nascimento
cleber at bsd.com.br
Sun Aug 9 08:05:08 -03 2015
Toda série 9 do Bind está vulnerável, independentemente de sistema
operacional. A não ser tenha sido um código previamente auditado e
corrigido pela respectiva equipe de engenharia de releases.
2015-08-09 1:13 GMT-03:00 willian pires <willian_pires at hotmail.com>:
> Centos 6.5
> [root at resolver02 ~]# uname -r 2.6.32-431.el6.x86_64
>
> [root at resolver02 ~]# named -vBIND 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1
> Sussa sem vulnerabilidade.
>
> From: willian_pires at hotmail.com
> To: gter at eng.registro.br
> Subject: RE: [GTER] RES: Vulnerabilidade DoS no BIND
> Date: Sun, 9 Aug 2015 00:09:20 -0400
>
>
>
>
> Para minha tristeza
> # named -v
>
> BIND 9.4.2-P2# uname -a
>
>
> OpenBSD s0s1-verg01.my.domain 5.4 GENERIC#31 sparc64
> Tambem craschou !
> 09-Aug-2015 01:08:22.216 client 179.110.216.238#50244: UDP
> request09-Aug-2015 01:08:22.216 client 179.110.216.238#50244: using view
> '_bind'09-Aug-2015 01:08:22.216 client 179.110.216.238#50244: request is
> not signed09-Aug-2015 01:08:22.216 client 179.110.216.238#50244: recursion
> not available09-Aug-2015 01:08:22.216 client 179.110.216.238#50244:
> query09-Aug-2015 01:08:22.216 client 179.110.216.238#50244: query
> 'version.bind/TXT/CH' approved09-Aug-2015 01:08:22.217 client
> 179.110.216.238#50244: send09-Aug-2015 01:08:22.217 client
> 179.110.216.238#50244: sendto09-Aug-2015 01:08:22.217 client
> 179.110.216.238#50244: senddone09-Aug-2015 01:08:22.217 client
> 179.110.216.238#50244: next09-Aug-2015 01:08:22.217 client
> 179.110.216.238#50244: endrequest09-Aug-2015 01:08:22.217 client
> @0x43c3bf7000: udprecv09-Aug-2015 01:08:22.232 client
> 179.110.216.238#50244: UDP request09-Aug-2015 01:08:22.232 client
> 179.110.216.238#50244: using view '_default'09-Aug-2015 01:08:22.232 client
> 179.110.216.238#50244: request is not signed09-Aug-2015 01:08:22.232 client
> 179.110.216.238#50244: recursion not available09-Aug-2015 01:08:22.232
> client 179.110.216.238#50244: query09-Aug-2015 01:08:22.232
> /usr/src/usr.sbin/bind/lib/dns/message.c:2230: REQUIRE(*name == ((void
> *)0)) failed09-Aug-2015 01:08:22.232 exiting (due to assertion failure)
>
> > From: leonardo.ortiz at marisolsa.com
> > To: gter at eng.registro.br
> > Date: Tue, 4 Aug 2015 15:52:03 +0000
> > Subject: [GTER] RES: Vulnerabilidade DoS no BIND
> >
> > Testamos o Exploit aqui e foi "pimba", daemon do bind deu crash bonito.
> Após a atualização 9.10.2-P3 o problema foi resolvido.
> >
> >
> >
> > -----Mensagem original-----
> > De: gter [mailto:gter-bounces at eng.registro.br] Em nome de Wilson
> Rogerio Lopes
> > Enviada em: segunda-feira, 3 de agosto de 2015 14:55
> > Para: Grupo de Trabalho de Engenharia e Operacao de Redes
> > Assunto: Re: [GTER] Vulnerabilidade DoS no BIND
> >
> > Já tem exploit publicado
> >
> > https://github.com/robertdavidgraham/cve-2015-5477
> >
> >
> >
> >
> >
> > 2015-07-28 19:51 GMT-03:00 Rubens Kuhl <rubensk at gmail.com>:
> >
> > > https://kb.isc.org/article/AA-01272
> > >
> > > Resumo:
> > >
> > > *Solution:* Upgrade to the patched release most closely related to
> > > your current version of BIND. These can be downloaded from
> > > http://www.isc.org/downloads.
> > >
> > > - BIND 9 version 9.9.7-P2
> > > - BIND 9 version 9.10.2-P3
> > >
> > >
> > > Rubens
> > > --
> > > gter list https://eng.registro.br/mailman/listinfo/gter
> > >
> > --
> > gter list https://eng.registro.br/mailman/listinfo/gter
> > --
> > gter list https://eng.registro.br/mailman/listinfo/gter
>
> --
> gter list https://eng.registro.br/mailman/listinfo/gter
>
--
Cleber Alves
.ılı..ılı.
"Observe as estrelas e aprenda com elas." Albert Einstein
More information about the gter
mailing list