[GTER] RES: Vulnerabilidade DoS no BIND

Marcelo Gondim gondim at bsdinfo.com.br
Sun Aug 9 11:35:46 -03 2015


Atualizado desde que saiu a vulnerabilidade, testado e aprovado.  :)

https://www.freebsd.org/security/advisories/FreeBSD-SA-15:17.bind.asc

O anúncio saiu dia 28/07. Hoje são 9 e ainda vejo muita gente vulnerável.
Quando sai o exploit ferra com todo mundo. Por isso que tem que ficar 
atento nas listas de segurança do sistema e outras e atualizar assim que 
sai.
As vezes temos aquele sentimento: isso nunca vai acontecer comigo. 
rsrsrsrs  eu sou paranoico e pode ser atualização do VI, eu faço. hahaha

On 09-08-2015 01:09, willian pires wrote:
> Para minha tristeza
> # named -v                                                                                                                                                                          BIND 9.4.2-P2# uname -a                                                                                                                                                                          OpenBSD s0s1-verg01.my.domain 5.4 GENERIC#31 sparc64
> Tambem craschou !
> 09-Aug-2015 01:08:22.216 client 179.110.216.238#50244: UDP request09-Aug-2015 01:08:22.216 client 179.110.216.238#50244: using view '_bind'09-Aug-2015 01:08:22.216 client 179.110.216.238#50244: request is not signed09-Aug-2015 01:08:22.216 client 179.110.216.238#50244: recursion not available09-Aug-2015 01:08:22.216 client 179.110.216.238#50244: query09-Aug-2015 01:08:22.216 client 179.110.216.238#50244: query 'version.bind/TXT/CH' approved09-Aug-2015 01:08:22.217 client 179.110.216.238#50244: send09-Aug-2015 01:08:22.217 client 179.110.216.238#50244: sendto09-Aug-2015 01:08:22.217 client 179.110.216.238#50244: senddone09-Aug-2015 01:08:22.217 client 179.110.216.238#50244: next09-Aug-2015 01:08:22.217 client 179.110.216.238#50244: endrequest09-Aug-2015 01:08:22.217 client @0x43c3bf7000: udprecv09-Aug-2015 01:08:22.232 client 179.110.216.238#50244: UDP request09-Aug-2015 01:08:22.232 client 179.110.216.238#50244: using view '_default'09-Aug-2015 01:08:22.232 client 179.110.216.238#50244: request is not signed09-Aug-2015 01:08:22.232 client 179.110.216.238#50244: recursion not available09-Aug-2015 01:08:22.232 client 179.110.216.238#50244: query09-Aug-2015 01:08:22.232 /usr/src/usr.sbin/bind/lib/dns/message.c:2230: REQUIRE(*name == ((void *)0)) failed09-Aug-2015 01:08:22.232 exiting (due to assertion failure)
>
>> From: leonardo.ortiz at marisolsa.com
>> To: gter at eng.registro.br
>> Date: Tue, 4 Aug 2015 15:52:03 +0000
>> Subject: [GTER] RES:  Vulnerabilidade DoS no BIND
>>
>> Testamos o Exploit aqui e foi "pimba", daemon do bind deu crash bonito. Após a atualização 9.10.2-P3 o problema foi resolvido.
>>
>>
>>
>> -----Mensagem original-----
>> De: gter [mailto:gter-bounces at eng.registro.br] Em nome de Wilson Rogerio Lopes
>> Enviada em: segunda-feira, 3 de agosto de 2015 14:55
>> Para: Grupo de Trabalho de Engenharia e Operacao de Redes
>> Assunto: Re: [GTER] Vulnerabilidade DoS no BIND
>>
>> Já tem exploit publicado
>>
>> https://github.com/robertdavidgraham/cve-2015-5477
>>
>>
>>
>>
>>
>> 2015-07-28 19:51 GMT-03:00 Rubens Kuhl <rubensk at gmail.com>:
>>
>>> https://kb.isc.org/article/AA-01272
>>>
>>> Resumo:
>>>
>>> *Solution:*  Upgrade to the patched release most closely related to
>>> your current version of BIND.  These can be downloaded from
>>> http://www.isc.org/downloads.
>>>
>>>     - BIND 9 version 9.9.7-P2
>>>     - BIND 9 version 9.10.2-P3
>>>
>>>





More information about the gter mailing list