[lug] TSIG overflow
charles at lunarmedia.net
charles at lunarmedia.net
Wed Feb 28 15:30:17 MST 2001
i know this is going to sound bad, but...
a couple of dns servers which colo with my day job were recently cracked.
i am pretty certain that the culprit used bind exploits as their entry
point. one box was running 8.1.2 and the other 8.2.2.
i am working with the clients now to review the mess and and figure out
exactly what did occur. the client wants a full blown demonstration on an
offnet box configured as they were.
can anyone think of an exploit for 8.1.2 that would grant rootshell? for
the 8.2.2 box, i am guessing that it was a tsig exploit used.
however, for neither scenario do i have source code to compile and run on
this guys machine to prove it to him. how can i proceed from here?
More information about the LUG
mailing list