[lug] TSIG overflow

charles at lunarmedia.net charles at lunarmedia.net
Wed Feb 28 15:30:17 MST 2001


i know this is going to sound bad, but...


a couple of dns servers which colo with my day job were recently cracked.
i am pretty certain that the culprit used bind exploits as their entry
point. one box was running 8.1.2 and the other 8.2.2.

i am working with the clients now to review the mess and and figure out
exactly what did occur. the client wants a full blown demonstration on an
offnet box configured as they were.

can anyone think of an exploit for 8.1.2 that would grant rootshell? for
the 8.2.2 box, i am guessing that it was a tsig exploit used.

however, for neither scenario do i have source code to compile and run on
this guys machine to prove it to him. how can i proceed from here?




More information about the LUG mailing list