[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] THISISNOTMYEXPLOIT



On Sat, Aug 1, 2009 at 3:25 PM, yersinia <yersinia.spiros@xxxxxxxxx> wrote:

> On Fri, Jul 31, 2009 at 5:58 PM, Kingcope<kcope2@xxxxxxxxxxxxxx> wrote:
> > Hello people,
> > Yes there is a warning when the PoC is compiled. But I guess that is
> > not a big issue.
>
> No, problem. It is only necessary to include stdlib.h because malloc
> is implicitily defined (gcc complaint). Anyway,  your POC work as
> aspected. Thanks. In this days it is difficult to see a true exploit
> in a mailing list. The fact that bug was discovered from someone else
> is not important : you have rewritten in another language, so it is
> only your work.
>
> Regards
> > So about what PoC am I talking about?
> > It seems that the moderator of bugtraq keeps blocking me because of fancy
> > headlines maybe. The moderator of bugtraq blocked the actual exploit but
> let
> > the following messages slip through. The PoC is on milw0rm.com and
> > full disclosure.
> > Thanks for clarifying the issue with the zones, I really have not a
> > 100% understanding
> > of the DNS protocol therefore I took a guess on my named.conf file and
> put the
> > address into the PoC.
> >
> > Thanks for your time,
> >
> > Kingcope
> >
> >
> > 2009/7/31 yersinia <yersinia.spiros@xxxxxxxxx>:
> >> Repost for mailing problem.
> >> On Fri, Jul 31, 2009 at 12:14 AM, yersinia <yersinia.spiros@xxxxxxxxx>
> wrote:
> >>>
> >>> On Thu, Jul 30, 2009 at 1:24 PM, Kingcope <kcope2@xxxxxxxxxxxxxx>
> wrote:
> >>>>
> >>>> Hello again,
> >>>> the default setting of 127.in-addr.arpa is a bit weird
> >>>>
> >>>> try
> >>>> ./bind <ip> localhost
> >>>
> >>> Never mind. I have only a warning from gcc because it was necessary to
> include stdlib.h for malloc.
> >>>
> >>> But, the important thing is that it works as aspected.
> >>>
> >>> Regards
> >>>>
> >>>> lewls
> >>>>
> >>>> XD
> >>>>
> >>>> kcope
> >>>>
>
Hello all,
By reading the US-CERT vulnerability issue (CVE-2009-0696) I found this :
"The vulnerability affects all servers that are masters for one or more
zones and is not limited to those that are configured to allow dynamic
updates ". I have some Infoblox master DNS servers with not-allowed dynamic
updates, so I'm wondering if they are vulnerable to this attack and if
somebody test this PoC on a DNS server which not allow dynamic updates? What
is the comportement in this case?

Thanks for the help,






-- 
taha
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/