[lug] TSIG overflow
George Sexton
gsexton at mhsoftware.com
Thu Mar 1 09:21:51 MST 2001
You might try here:
http://www.insecure.org/sploits_all.html
-----Original Message-----
From: lug-admin at lug.boulder.co.us [mailto:lug-admin at lug.boulder.co.us] On Behalf Of charles at lunarmedia.net
Sent: 28 February, 2001 3:30 PM
To: LUG-DISCUSS
Subject: [lug] TSIG overflow
i know this is going to sound bad, but...
a couple of dns servers which colo with my day job were recently cracked.
i am pretty certain that the culprit used bind exploits as their entry
point. one box was running 8.1.2 and the other 8.2.2.
i am working with the clients now to review the mess and figure out
exactly what did occur. the client wants a full blown demonstration on an
offnet box configured as they were.
can anyone think of an exploit for 8.1.2 that would grant rootshell? for
the 8.2.2 box, i am guessing that it was a tsig exploit used.
however, for neither scenario do i have source code to compile and run on
this guy's machine to prove it to him. how can i proceed from here?