Mailing List Archive

Support open source code!

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: tlug: On being hacked (was: [Q] chgrp 3.15 GNU Utils)

--------------------------------------------------------
tlug note from Paul Gampe <paulg@example.com>
--------------------------------------------------------
On Wed, 30 Jul 1997, Stephen J. Turnbull wrote:

Hi Stephen,

turnbull>I don't know whether it's possible to add records to an authoritative
turnbull>server without obtaining root or other high privileges on it, but I
turnbull>would hope not.  (Presumably such a machine has _no_ nonadministrative
turnbull>accounts on it.)  So....  If you can crack such a server, then packet
turnbull>sniffers or Trojans would wreak havoc.

Unfortunately it is possible to add records to a domain name cache.  A
vast majority of domain name servers on the net are running bind 4.9.5 or
earlier, and all these versions are vulnerable.   It took me a while to
grasp the concept so I'm attaching an excellent explanation of the
problem, posted to BugTraq.  

Cheers,
Paul.

--------------------------------------------------------------------------
mailto:paulg@example.com     phoneto:81-3-3351-5977     faxto:81-3-3353-6096
The students learn that effective action arises out of silence and a clear
sense of being.  In this they find a source of peace.  They  discover that
the person who is down-to-earth can do what needs doing  more  effectively
than the person who is merely busy.  - Lao Tzu's    "Tao Te Ching"   500BC
--------------------------------------------------------------------------
Home | Main Index | Thread Index

Home Page Mailing List Linux and Japan TLUG Members Links