Date: Sun, 25 Mar 2001 14:30:48 -0800
From: Kris Kennaway
To: Bill Moran
Cc: Jim Durham, "Conrad T. Pino", freebsd-questions@FreeBSD.ORG
Subject: HEADS UP: BIND 8.2.3 INSECURITY (Re: BIND 8.2.3 Crashing Question)
Message-ID: <20010325143048.C45772@xor.obsecurity.org>
References: <3ABE1342.4A9CDFFF@iowna.com>
In-Reply-To: <3ABE1342.4A9CDFFF@iowna.com>; from wmoran@iowna.com on Sun, Mar 25, 2001 at 10:48:18AM -0500

On Sun, Mar 25, 2001 at 10:48:18AM -0500, Bill Moran wrote:

> I have also seen trouble with BIND crashing on a 4.2-STABLE machine.
> Looking at it, this is 8.2.3-T6B
> Was that a Beta release? If so, I'd better upgrade before I complain too
> much. I thought I had grabbed a production release, but I don't even see
> T6B listed on the site.

Yet another person who has managed to stumble through the minefield for the past 2 months oblivious to the screams of everyone else to stop.

Those crashes are root exploit attempts, possibly successful ones. See the security advisory from 2 months ago, and please subscribe to one of the mailing lists which carries them to save yourself the trouble and embarrassment in the future (see www.freebsd.org/security).
8.2.3-REL is the *only* BIND 8 version which isn't vulnerable to this!

Sorry to rant at you, Bill, but the number of times this question has been answered on FreeBSD lists, the amount of mainstream and internet media coverage this problem got, and the amount of information about the topic available on the internet makes me wonder just what it takes to get through to people.

Chances are your machine(s) have been compromised, and you should treat it as such: back up the data, wipe the machine and reinstall it from trusted media, then selectively restore the data, being careful not to reinstall anything corrupted by the attacker.

Kris