For those of you keeping score, here are the (very unscientific) tallied
repro reports so far on this issue:
OS Yes No
BSDi 4.0 1
BSD/OS 4.1 1
BSD/OS 4.2 1
Debian 2.2 3
FreeBSD 2.26 1
FreeBSD 4.1 2
FreeBSD 4.2-S 1 1
Linux 2.0 1
Linux 2.2 5
Linux 2.4 4
NetBSD 1.5 1 1
OpenBSD 2.5 1
OpenBSD 2.8 1 1
RedHat 6.2 2
RedHat 7.0 1 1
Slackware 7 2
Solaris 2.7 1
Solaris 7 1
These numbers include the reports below. Also, the numbers for the linux
kernels reflect both reports where it was the only OS info given, as well
as reports for which a distro and version were given.
As mentioned below, Bind 9.1.1rc1 is now available, and may resolve this
issue. More info on this is available at:
http://www.isc.org/products/BIND/bind9-beta.html
and the software itself is here:
ftp://ftp.isc.org/isc/bind9/9.1.1rc1/bind-9.1.1rc1.tar.gz
-------------------------
OS: FreeBSD 2.2.6-RELEASE
status: keeps on ticking
OS: OpenBSD 2.5
status: crashes into oblivion in netaddr.c
---------------------------
I have tried the following:
nmap versions 2.00, 2.01, 2.02, 2.03, 2.04, 2.05, 2.06, 2.07, 2.08,
2.09, 2.10, 2.11, 2.12, 2.2-BETA1, 2.2-BETA3, 2.2-BETA4, and 2.50 all
against BIND9.1.0 on FreeBSD 4.2-S (CVS and build date of 2/4/2001) and
was unable to reproduce the problems.
-------------------------------------
From: matt sommer <[EMAIL PROTECTED]>
nmap -sT -O -p 53 against bind9.1.0 built from source running on BSD/OS
4.1 and 4.2 is not affected.
---------------------------------------------------------------------------
Normally configured/compiled BIND 9.1.0 on FreeBSD 4.1 , ran 'nmap O -sT -p
53' from another box and named kept running without a problem. Thanks. -RJR
--------------------------------------------------------------------------
It seems that nmap -O -sT only kills it, if its not being used against the
box'es own local loophole. Rather over an ethernet connection that adds
some latency.
This problem will be corrected in bind 9.1.1r1. Which was released last
night. It was a problem I understand with debugging code still being in the
production release.
--------------------------------------------
From: gabriel rosenkoetter <[EMAIL PROTECTED]>
For what it's worth, I (finally) got bind9.1.0 to build from source
statically on my system, and am happily running it now. Details:
uriel:~# uname -mv
NetBSD 1.5 (URIEL) #0: Thu Jan 25 15:27:28 EST 2001
[EMAIL PROTECTED]:/usr/src/sys/arch/macppc/compile/URIEL macppc
Built like this:
export CFLAGS='-O2 -static'
./configure --disable-threads --with-ssl=/usr/pkg
[NetBSD has no reliable pthreads library and I only have a single
processor anyhow; I felt like using the NetBSD OpenSSL port.]
make
nmap -sT -O against this system has absolutely no adverse affect. If
NetBSD's got problems, they are either introduced by the pthreads
library you use (ISC seems to recommend pkgsrc/devel/unproven-pthreads
version 0.17 or later), or by NetBSD patches.
(Moderator, I'm presuming you'll either include this in your next
summary, or just ignore it. Either way is fine by me, as is clipping
the above for a summary.)
~ g r @ eclipsed.net
Ben Greenbaum
Director of Site Content
SecurityFocus
http://www.securityfocus.com
