Search Again: Re: BIND or QDNS exploit?? From: Men & Mice Support Date: Tuesday, May 2, 2000 Time: 5:42:06 am At 8:45 AM -0300 5/2/00, QuickDNS@clube.interlink.com.br wrote: >> Without testing the exploit, I'd guess it involves one of the security >holes >> fixed in the latest version of BIND. None of these security holes are >> present in QuickDNS Pro. > >What's the latest BIND version and wich I have these holes? >He said me that was able to change Secondary DNS data and then to change >Primary DNS updating its by the modified Secondary DNS. Something like >this... what about? The latest version of BIND is 8.2.2-P5. All earlier versions have several security holes. There was a CERT advisory about it: <http://www.cert.org/advisories/CA-99-14-bind.html> >> The only way to find the version of a DNS server through DNS protocols is >> to use a version query (a specific query of class CH). > >Is there any way to do this in a Mac? >What software I need? You need to be able to send a non-Internet (actually, CHaos-class) query to the server. I don't know of any Mac software that sends such queries. I've done it with dig from the Linux command-line, and that's about it. >> Since QuickDNS Pro doesn't support this record class, it passes it on to a >> root server , some of which will answer with a version string. So >> this is probably why the program reported that one of your servers is >> vulnerable. > >EMBRATEL maybe?? The brazilian BackBone... No, it would be a root server. Is there a root server in Brazil? (I haven't kept track, and they've changed a few times over the last few years.) There are about a dozen root servers, which are authoritative for the root domain. The root domain (written as ".") is the parent domain of com, net, org, br, etc. They have names such as a.root-servers.net, b.root-servers.net, c.root-servers.net, etc., up to m.root-servers.net. >> There is absolutely no way known to us to remotely change data on a >QuickDNS >> Pro server, aside from AppleShare, Timbuktu, or other direct access to the >> filesystem. > >And QDNS 3.0 with the RemoteAccess? We know that WebStar and EIMS Remote >Admin are "secure"... do you will use the same idea? Absolutely. That's one of the reasons it's taking so long - we have to be absolutely sure there are no security holes. (Or as sure as is possible - it's generally impossible to completely prove a negative.) >> I would like to test this exploit, just to be absolutely sure. Is there a >> URL? > >I will try to get and then I then send you... there's no URL where to d/l >this exploit. It's a private exploit. OK, that's probably a good thing. I'd still like to see the information or method, if possible. ____________________________________________________________________ Chris Buxton cbuxton@menandmice.com Men & Mice http://www.menandmice.com Makers of: QuickDNS Pro

Messages In This Thread: BIND or QDNS exploit?? by Listas Interlink on Apr 30, 2000 at 6:37:47 pm Re: BIND or QDNS exploit?? by Men & Mice Support on May 1, 2000 at 1:19:10 am Re: BIND or QDNS exploit?? by QuickDNS@clube.interlink.com.br on May 2, 2000 at 4:45:29 am Re: BIND or QDNS exploit?? by Men & Mice Support on May 2, 2000 at 5:42:06 am