| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 3 Aug 2009 18:04:38 +0200 From: yersinia <yersinia.spiros@...il.com> To: taha <tahacalypse@...il.com> Cc: Kingcope <kcope2@...glemail.com>, advisories@...ern0t.net, full-disclosure@...ts.grok.org.uk Subject: Re: THISISNOTMYEXPLOIT On Mon, Aug 3, 2009 at 5:49 PM, taha<tahacalypse@...il.com> wrote: > > > On Sat, Aug 1, 2009 at 3:25 PM, yersinia <yersinia.spiros@...il.com> wrote: >> >> On Fri, Jul 31, 2009 at 5:58 PM, Kingcope<kcope2@...glemail.com> wrote: >> > Hello people, >> > Yes there is a warning when the PoC is compiled. But I guess that is >> > not a big issue. >> >> No, problem. It is only necessary to include stdlib.h because malloc >> is implicitily defined (gcc complaint). Anyway, your POC work as >> aspected. Thanks. In this days it is difficult to see a true exploit >> in a mailing list. The fact that bug was discovered from someone else >> is not important : you have rewritten in another language, so it is >> only your work. >> >> Regards >> > So about what PoC am I talking about? >> > It seems that the moderator of bugtraq keeps blocking me because of >> > fancy >> > headlines maybe. The moderator of bugtraq blocked the actual exploit but >> > let >> > the following messages slip through. The PoC is on milw0rm.com and >> > full disclosure. >> > Thanks for clarifying the issue with the zones, I really have not a >> > 100% understanding >> > of the DNS protocol therefore I took a guess on my named.conf file and >> > put the >> > address into the PoC. >> > >> > Thanks for your time, >> > >> > Kingcope >> > >> > >> > 2009/7/31 yersinia <yersinia.spiros@...il.com>: >> >> Repost for mailing problem. >> >> On Fri, Jul 31, 2009 at 12:14 AM, yersinia <yersinia.spiros@...il.com> >> >> wrote: >> >>> >> >>> On Thu, Jul 30, 2009 at 1:24 PM, Kingcope <kcope2@...glemail.com> >> >>> wrote: >> >>>> >> >>>> Hello again, >> >>>> the default setting of 127.in-addr.arpa is a bit weird >> >>>> >> >>>> try >> >>>> ./bind <ip> localhost >> >>> >> >>> Never mind. I have only a warning from gcc because it was necessary to >> >>> include stdlib.h for malloc. >> >>> >> >>> But, the important thing is that it works as aspected. >> >>> >> >>> Regards >> >>>> >> >>>> lewls >> >>>> >> >>>> XD >> >>>> >> >>>> kcope >> >>>> > > Hello all, > By reading the US-CERT vulnerability issue (CVE-2009-0696) I found this : > "The vulnerability affects all servers that are masters for one or more > zones and is not limited to those that are configured to allow dynamic > updates ". I have some Infoblox master DNS servers with not-allowed dynamic > updates, so I'm wondering if they are vulnerable to this attack and if > somebody test this PoC on a DNS server which not allow dynamic updates? What > is the comportement in this case? Crash. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists