[lug] TSIG overflow

Ulises V. Martinez uvm at novustar.com
Thu Mar 1 11:31:56 MST 2001


Hi George:

Take a look at the following document, the Linux Security Administrator's Guide.
It is not up to date but should give you a point of reference.
http://www.nic.com/~dave/SecurityAdminGuide/SecurityAdminGuide-all.html


Ulises Martinez
System Administrator

Quote of the Day: Keep away from people who try to belittle your ambitions.
Small people always do that, but the really great make you feel that you,
too, can become great.   Mark Twain




-----Original Message-----
From: lug-admin at lug.boulder.co.us [mailto:lug-admin at lug.boulder.co.us]On
Behalf Of George Sexton
Sent: Thursday, March 01, 2001 10:22 AM
To: lug at lug.boulder.co.us
Subject: RE: [lug] TSIG overflow


You might try here:

http://www.insecure.org/sploits_all.html

-----Original Message-----
From: lug-admin at lug.boulder.co.us [mailto:lug-admin at lug.boulder.co.us]On
Behalf Of charles at lunarmedia.net
Sent: 28 February, 2001 3:30 PM
To: LUG-DISCUSS
Subject: [lug] TSIG overflow


i know this is going to sound bad, but...


a couple of dns servers which colo with my day job were recently cracked.
i am pretty certain that the culprit used bind exploits as their entry
point. one box was running 8.1.2 and the other 8.2.2.

i am working with the clients now to review the mess and figure out
exactly what did occur. the client wants a full blown demonstration on an
offnet box configured as they were.

can anyone think of an exploit for 8.1.2 that would grant rootshell? for
the 8.2.2 box, i am guessing that it was a tsig exploit used.

however, for neither scenario do i have source code to compile and run on
this guy's machine to prove it to him. how can i proceed from here?

_______________________________________________
Web Page:  http://lug.boulder.co.us
Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug