Re: Bug in Bind 9.1.0? [Summary]

Wed, 07 Feb 2001 11:42:04 -0800 

More repro reports. If no credit is given it is because the report was
emailed to me and not the list, and I don't want to get anybody in
trouble...

-------------------------------
I have tried nmap -O -sT -p 53 against a few hosts under my thumbs:
the most hosts are Linux 2.2 but one FreeBSD 4.1 machine.
All hosts run BIND-9.1.0. None was vulberable.


----------------------------------------
From: Marcelo Bartsch <[EMAIL PROTECTED]>

nmap O -sT -p 53 against bind 9.1.0 on solaris 2.7 make no damage, bind
keep running.


----------------------------------------------
From: Ari Gordon-Schlosberg <[EMAIL PROTECTED]>

RedHat 6.2, with the stock 2.2.14-5 kernel, Bind 9.1.0 built with
'./configure ; make ; make install' doesn't appear to be vulnerable.

However, one thing confused me:  The initial report said the command was
'nmap O -sT".  That's not a legal nmap command.  Was it supposed to 'nmap
-O'?

---------------------------------------------------
From: Richard Lindahl <[EMAIL PROTECTED]>

I am running OpenBSD 2.8 on old AMD machine along with bind-9.1.0,
and I am not experiencing any problems. The nmap -O -sT scan did not
crash named for me. Maybe I am just lucky, or OpenBSD 2.8 i386 isnt
vulnerable in this case ?

-------------------------------------
From: Jerry Walsh <[EMAIL PROTECTED]>

I could reproduce this on OpenBSD 2.6 running Bind 9.1 and nmap V. 2.53
using:

nmap -O -sT -p 53 foo.nameserver.com

it crashed named everytime.

And now you wonder why there's a ``keep-running'' script in the bin
directory ;)

--------------------------------------------------
From: "Maarten Van Horenbeeck" <[EMAIL PROTECTED]>

No problems on the following systems:

RedHat 6.2 standard install, bind-9.1.0 built from tarball
Debian 2.2 standard install, bind-9.1.0 built from tarball
Slackware 7, standard install, bind-9.1.0 built from tarball

Kernel on all of this boxes is 2.2.17 for RedHat & Debian, 2.4 on the
Slackware-machine.


-------------------------------------------
From: "Branden R. Williams" <[EMAIL PROTECTED]>

On an upgraded RedHat Linux 7.0 system with a compiled version of Bind
9.1.0, the nmap causes a crash.  Here is what is in the logs.

Feb 7 09:21:15 XX named[223]: connection.c:420: INSIST(sent_bytes == 
connection->out_bytes && sent_bytes == isc_bufferlist_usedcount(&bufferlist)) failed
Feb 7 09:21:15 XX named[223]: exiting (due to assertion failure)



Ben Greenbaum
Director of Site Content
SecurityFocus
http://www.securityfocus.com

Reply via email to