Message-Id: <200709040052.l840qllY037471@drugs.dv.isc.org>
Date: Tue, 04 Sep 2007 10:52:47 +1000
From: Mark Andrews <Mark_Andrews@....org>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: bind9 remote vulnerability, possibly exploitable - vendor unresponsive :~~~<
> From: herbietwink whatsitworth2ya <herbietwink_at_gmail.com>
> Date: Sat, 25 Aug 2007 04:38:27 +1000
>
> ..#@1 [x] \\\\\\\\\/\/3ZTc04ztC00ol3Rcr3w @#@#$@#$ .[x].
>
> if ur queer and ur not sure u know it - clap ur handz
> is what i'd say
>
> if i had immunity shaved in the back if my head
> ..and i was undecided as to whether i wanted to sink the pink or the brown
> ....itz ok i hire young euro entourage boys at a bargin price
>
> WC crU ready to drop some threatc0n5 shit more serious then a gadi evron
> threat at defcon presentation * 5
> cuntz g0t right amougzt it rem0te shell bind9 r00ter, uneed more inf0? read
> the c0de n00b lololol
>
> pr0pz 2 mixt3r foundin father of int33ger skullduggry
>
> READY
> &
> GO @#$$%
>
> struct dns_rdata {
>         unsigned char *         data;
>         int                     length;
>         dns_rdataclass_t        rdclass;
>         dns_rdatatype_t         type;
>         int                     flags;
>         ISC_LINK(dns_rdata_t)   link;
> };
I say, "Never let reality get in the way of a good story ..."
except people actually believed this load of rubbish.
Well, rdata->length is (unsigned int), as is tr.length.
1.1  (halley 16-Dec-98): struct dns_rdata {
1.4  (halley 13-Jan-99):         unsigned char *         data;
1.4  (halley 13-Jan-99):         unsigned int            length;
1.19 (halley 02-Aug-99):         dns_rdataclass_t        rdclass;
1.4  (halley 13-Jan-99):         dns_rdatatype_t         type;
1.42 (marka  19-Oct-00):         unsigned int            flags;
1.4  (halley 13-Jan-99):         ISC_LINK(dns_rdata_t)   link;
1.4  (halley 13-Jan-99): };
and as it was in version 1.1:
/*
 * Clients are strongly discouraged from using this type directly.
 */
struct dns_rdata {
        unsigned char *         data;
        unsigned int            length;
        dns_rdataclass_t        class;
        dns_rdatatype_t         type;
        /*
         * XXX should rdata be linkable (i.e. as in <isc/list.h>) to make
         * rdata lists easy?
         */
};
Mark
P.S. If he had actually reported it to us (ISC) it would
have reached my mailbox by one path or another as we don't
let reports of security vulnerabilities go unexamined.
Yes, I am the lead engineer on BIND 9.
> isc_result_t
> dns_rdata_towire(dns_rdata_t *rdata, dns_compress_t *cctx,
>                  isc_buffer_t *target)
> {
>         isc_result_t result = ISC_R_NOTIMPLEMENTED;
>         isc_boolean_t use_default = ISC_FALSE;
>         isc_region_t tr;
>         isc_buffer_t st;
>
>         REQUIRE(rdata != NULL);
>         REQUIRE(DNS_RDATA_VALIDFLAGS(rdata));
>
>         /*
>          * Some DynDNS meta-RRs have empty rdata.
>          */
>         if ((rdata->flags & DNS_RDATA_UPDATE) != 0) {
>                 INSIST(rdata->length == 0);
>                 return (ISC_R_SUCCESS);
>         }
>
>         st = *target;
>
>         TOWIRESWITCH
>
>         if (use_default) {
>                 isc_buffer_availableregion(target, &tr);
>                 if (tr.length < rdata->length)
>                         return (ISC_R_NOSPACE);
>                 memcpy(tr.base, rdata->data, rdata->length);
>                 isc_buffer_add(target, rdata->length);
>                 return (ISC_R_SUCCESS);
>         }
>         if (result != ISC_R_SUCCESS) {
>                 *target = st;
>                 INSIST(target->used < 65536);
>                 dns_compress_rollback(cctx, (isc_uint16_t)target->used);
>         }
>         return (result);
> }
>
> bigup2 Lam3rZ's see u at nonamecon
>
> Herbert Twinkleworth
> *Information Security Interest Group - NZ
>
> *
--
Mark Andrews (BE Elec), ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews@....org
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
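Editor's added example (not ISC code, and not part of either message above): a stand-alone model of the `use_default` branch of `dns_rdata_towire()` quoted in the thread, with the lengths typed as `unsigned int` as the annotated source shows. It checks that rdata which does not fit the remaining buffer space is rejected with `ISC_R_NOSPACE` before any `memcpy`, and that `target->used` is left untouched in that case. It also spells out why a signed length field would not have changed the outcome of that particular comparison: under C's usual arithmetic conversions an `int` compared against an `unsigned int` is converted to unsigned first, so a negative value compares as a very large number and is rejected too. The `isc_*`/`dns_*` names are minimal stand-ins for the real BIND 9 types (an assumption for illustration); the 16-byte buffer and 0x41 payload are constructed test data.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Stand-ins for BIND 9 types; field widths follow the annotated struct
 * in the reply above (length is unsigned int).  Not ISC code. */
typedef enum { ISC_R_SUCCESS = 0, ISC_R_NOSPACE = 1 } isc_result_t;

typedef struct {
        unsigned char *data;
        unsigned int   length;      /* unsigned, as in the 1.1 source */
} dns_rdata_t;

typedef struct {
        unsigned char *base;
        unsigned int   length;      /* total capacity of the buffer */
        unsigned int   used;        /* bytes already written */
} isc_buffer_t;

typedef struct {
        unsigned char *base;
        unsigned int   length;
} isc_region_t;

/* Region of the buffer that is still free. */
static void
isc_buffer_availableregion(isc_buffer_t *b, isc_region_t *r)
{
        r->base = b->base + b->used;
        r->length = b->length - b->used;
}

/* Model of the use_default branch: refuse before copying if the rdata
 * would not fit in the free region. */
static isc_result_t
towire_default(dns_rdata_t *rdata, isc_buffer_t *target)
{
        isc_region_t tr;

        isc_buffer_availableregion(target, &tr);
        if (tr.length < rdata->length)
                return (ISC_R_NOSPACE);
        memcpy(tr.base, rdata->data, rdata->length);
        target->used += rdata->length;
        return (ISC_R_SUCCESS);
}

typedef struct {
        isc_result_t result;
        unsigned int used;          /* target->used after the call */
} towire_outcome;

/* Run towire_default() against a constructed 16-byte buffer that already
 * holds `used` bytes, with an rdata claiming `rdata_len` bytes. */
static towire_outcome
run_towire(unsigned int used, unsigned int rdata_len)
{
        unsigned char backing[16] = {0};
        unsigned char payload[16];
        isc_buffer_t target = { backing, sizeof(backing), used };
        dns_rdata_t rdata;
        towire_outcome out;

        memset(payload, 0x41, sizeof(payload));     /* constructed data */
        rdata.data = payload;
        rdata.length = rdata_len;
        out.result = towire_default(&rdata, &target);
        out.used = target.used;
        return out;
}

/* Would the copy proceed if the length field were a signed int?  The cast
 * spells out what the compiler does implicitly when an int meets an
 * unsigned int in a comparison: the int is converted to unsigned, so -1
 * becomes UINT_MAX and is rejected just like any oversized length.
 * Returns 1 if the check would let the copy proceed, 0 if it rejects. */
static int
signed_length_passes_check(unsigned int avail, int claimed_len)
{
        return !(avail < (unsigned int)claimed_len);
}

int
main(void)
{
        towire_outcome ok = run_towire(0, 10);
        towire_outcome full = run_towire(12, 10);
        towire_outcome huge = run_towire(0, UINT_MAX);

        printf("fits:      result=%d used=%u\n", ok.result, ok.used);
        printf("too big:   result=%d used=%u\n", full.result, full.used);
        printf("UINT_MAX:  result=%d used=%u\n", huge.result, huge.used);
        printf("signed -1 passes check: %d\n",
               signed_length_passes_check(16, -1));
        return 0;
}
```

The point of the model is that the bounds check is on the same unsigned width as the copy length that follows it, so there is no value of `rdata->length` for which the comparison passes and `memcpy` then reads beyond what the check allowed.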