Search Again: Re: BIND or QDNS exploit?? From: Men & Mice Support Date: Monday, May 1, 2000 Time: 1:19:10 am At 10:36 PM -0300 4/30/00, Listas Interlink wrote: >Please... > >I received a message from a friend Linux User that said me that he was >testing an EXPLOIT that a brazilian developed. > >This app. is able to view DNS version and in some versions he can delete all >data in this DNS Server, or change some data... > >The problem is... 6 months I was using NT BIND in my Primary and Secondary >DNS. And one month ago I finally complete the transition and today I have >Primary and Secondary DNS running qith QuickDNS. >My friend told me that... he tried the EXPLOIT in my network and detect >that is possible to exploit one of my DNS Servers. However, only one.. the >other one he received another version that is protected. I use the same >version in both QDNS 2.2.1. > >How could I view the DNS version? Is there any application or command via >TELNET? I think that BIND version with problem is something like BIND >2.5.x... >I dont remember the right version because I am, really, Mac developer. Without testing the exploit, I'd guess it involves one of the security holes fixed in the latest version of BIND. None of these security holes are present in QuickDNS Pro. The only way to find the version of a DNS server through DNS protocols is to use a version query (a specific query of class CH). Since QuickDNS Pro doesn't support this record class, it passes it on to a root server, some of which will answer with a version string. So this is probably why the program reported that one of your servers is vulnerable. There is absolutely no way known to us to remotely change data on a QuickDNS Pro server, aside from AppleShare, Timbuktu, or other direct access to the filesystem. I would like to test this exploit, just to be absolutely sure. Is there a URL? ____________________________________________________________________ Chris Buxton cbuxton@menandmice.com Men & Mice http://www.menandmice.com Makers of: QuickDNS Pro

Messages In This Thread: BIND or QDNS exploit?? by Listas Interlink on Apr 30, 2000 at 6:37:47 pm Re: BIND or QDNS exploit?? by Men & Mice Support on May 1, 2000 at 1:19:10 am Re: BIND or QDNS exploit?? by QuickDNS@clube.interlink.com.br on May 2, 2000 at 4:45:29 am Re: BIND or QDNS exploit?? by Men & Mice Support on May 2, 2000 at 5:42:06 am