More repro reports. If no credit is given it is because the report was
emailed to me and not the list, and I don't want to get anybody in
trouble...
-------------------------------
I have tried nmap -O -sT -p 53 against a few hosts under my thumbs:
most of the hosts are Linux 2.2, but one is a FreeBSD 4.1 machine.
All hosts run BIND-9.1.0. None was vulnerable.
----------------------------------------
From: Marcelo Bartsch <[EMAIL PROTECTED]>
nmap O -sT -p 53 against bind 9.1.0 on solaris 2.7 makes no damage, bind
keeps running.
----------------------------------------------
From: Ari Gordon-Schlosberg <[EMAIL PROTECTED]>
RedHat 6.2, with the stock 2.2.14-5 kernel, Bind 9.1.0 built with
'./configure ; make ; make install' doesn't appear to be vulnerable.
However, one thing confused me: The initial report said the command was
'nmap O -sT'. That's not a legal nmap command. Was it supposed to be 'nmap
-O'?
---------------------------------------------------
From: Richard Lindahl <[EMAIL PROTECTED]>
I am running OpenBSD 2.8 on an old AMD machine along with bind-9.1.0,
and I am not experiencing any problems. The nmap -O -sT scan did not
crash named for me. Maybe I am just lucky, or OpenBSD 2.8 i386 isn't
vulnerable in this case?
-------------------------------------
From: Jerry Walsh <[EMAIL PROTECTED]>
I could reproduce this on OpenBSD 2.6 running Bind 9.1 and nmap V. 2.53
using:
nmap -O -sT -p 53 foo.nameserver.com
it crashed named every time.
And now you wonder why there's a ``keep-running'' script in the bin
directory ;)
--------------------------------------------------
From: "Maarten Van Horenbeeck" <[EMAIL PROTECTED]>
No problems on the following systems:
RedHat 6.2 standard install, bind-9.1.0 built from tarball
Debian 2.2 standard install, bind-9.1.0 built from tarball
Slackware 7, standard install, bind-9.1.0 built from tarball
Kernel on all of these boxes is 2.2.17 for RedHat & Debian, 2.4 on the
Slackware-machine.
-------------------------------------------
From: "Branden R. Williams" <[EMAIL PROTECTED]>
On an upgraded RedHat Linux 7.0 system with a compiled version of Bind
9.1.0, the nmap causes a crash. Here is what is in the logs.
Feb 7 09:21:15 XX named[223]: connection.c:420: INSIST(sent_bytes ==
connection->out_bytes && sent_bytes == isc_bufferlist_usedcount(&bufferlist)) failed
Feb 7 09:21:15 XX named[223]: exiting (due to assertion failure)
Ben Greenbaum
Director of Site Content
SecurityFocus
http://www.securityfocus.com
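
Added example, not part of the original post and not code from BIND or any of the reporters: a small syslog check for the assertion-failure exit quoted in the last report, so an operator can tell whether named on a given host has hit it. The sample log is constructed from the two entries quoted above plus one made-up unrelated line; the function names are hypothetical.

```python
import re

# Constructed sample: the two entries quoted in the report (the first is wrapped
# across two lines there) preceded by one made-up, unrelated entry.
SAMPLE_LOG = """\
Feb 7 09:21:14 XX sshd[301]: constructed unrelated entry
Feb 7 09:21:15 XX named[223]: connection.c:420: INSIST(sent_bytes ==
connection->out_bytes && sent_bytes == isc_bufferlist_usedcount(&bufferlist)) failed
Feb 7 09:21:15 XX named[223]: exiting (due to assertion failure)
"""

# "Mon D HH:MM:SS host prog[pid]: message"
HEADER = re.compile(r"^(\w{3}\s+\d+\s[\d:]{8})\s(\S+)\s([^\s\[]+)\[(\d+)\]:\s(.*)$")
# ISC assertion macro names; the quoted report shows the INSIST form.
ASSERT = re.compile(r"^(\S+\.c):(\d+): (REQUIRE|ENSURE|INSIST|INVARIANT)\((.*)\) failed$")
EXIT_MSG = "exiting (due to assertion failure)"

def unwrap(text):
    """Join wrapped continuation lines onto the syslog entry they belong to."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            entries.append(list(m.groups()))
        elif entries and line.strip():
            entries[-1][4] += " " + line.strip()
    return entries

def find_assertion_crashes(text):
    """One record per named assertion failure; 'exited' is set when the same
    host and pid then logs that it is exiting because of it."""
    crashes, pending = [], {}
    for stamp, host, prog, pid, msg in unwrap(text):
        if prog != "named":
            continue
        m = ASSERT.match(msg)
        if m:
            rec = {"time": stamp, "host": host, "pid": int(pid),
                   "file": m.group(1), "line": int(m.group(2)),
                   "kind": m.group(3), "condition": m.group(4), "exited": False}
            crashes.append(rec)
            pending[(host, pid)] = rec
        elif msg == EXIT_MSG and (host, pid) in pending:
            pending.pop((host, pid))["exited"] = True
    return crashes

if __name__ == "__main__":
    for crash in find_assertion_crashes(SAMPLE_LOG):
        print(crash)
```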