[lug] TSIG overflow

George Sexton gsexton at mhsoftware.com
Thu Mar 1 09:21:51 MST 2001

You might try here:


-----Original Message-----
From: lug-admin at lug.boulder.co.us [mailto:lug-admin at lug.boulder.co.us]On
Behalf Of charles at lunarmedia.net
Sent: 28 February, 2001 3:30 PM
Subject: [lug] TSIG overflow

i know this is going to sound bad, but...

a couple of dns servers which colo with my day job were recently cracked.
i am pretty certain that the culprit used bind exploits as their entry
point. one box was running 8.1.2 and the other 8.2.2.

i am working with the clients now to review the mess and and figure out
exactly what did occur. the client wants a full blown demonstration on an
offnet box configured as they were.

can anyone think of an exploit for 8.1.2 that would grant rootshell? for
the 8.2.2 box, i am guessing that it was a tsig exploit used.

however, for neither scenario do i have source code to compile and run on
this guys machine to prove it to him. how can i proceed from here?

Web Page:  http://lug.boulder.co.us
Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug

More information about the LUG mailing list