Date: Sat, 2 Aug 2008 20:52:31 +0900 (JST) From: Tomoyuki Sakurai <cherry@trombik.org> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/126189: [NEW PORT] dns/dns_mre: DNS Cache Poisoner/Overwriter Message-ID: <20080802115231.266EB1CD0B@spica.trombik.org> Resent-Message-ID: <200808021200.m72C08GA057225@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 126189 >Category: ports >Synopsis: [NEW PORT] dns/dns_mre: DNS Cache Poisoner/Overwriter >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Sat Aug 02 12:00:07 UTC 2008 >Closed-Date: >Last-Modified: >Originator: Tomoyuki Sakurai >Release: FreeBSD 7.0-STABLE amd64 >Organization: >Environment: System: FreeBSD spica.trombik.org 7.0-STABLE FreeBSD 7.0-STABLE #5: Thu Jul 10 22:29:26 JST 2008 >Description: DNS Multiple Race Exploiter is a tool that exploits an inherent flaw in the DNS Server Cache. By sending many queries to a DNS server along with fake replies, an attacker can successfuly writes a fake new entry in the DNS cache. WWW: http://www.securebits.org/dnsmre.html Generated with FreeBSD Port Tools 0.77 >How-To-Repeat: >Fix: --- dns_mre-1.0.shar begins here --- # This is a shell archive. Save it in a file, remove anything before # this line, and then unpack it by entering "sh file". Note, it may # create directories; files and directories will be owned by you and # have default permissions. # # This archive contains: # # dns_mre # dns_mre/pkg-descr # dns_mre/Makefile # dns_mre/pkg-plist # dns_mre/distinfo # dns_mre/files # dns_mre/files/patch-dns_mre.h # dns_mre/files/patch-dns_mre.c # echo c - dns_mre mkdir -p dns_mre > /dev/null 2>&1 echo x - dns_mre/pkg-descr sed 's/^X//' >dns_mre/pkg-descr << 'eafa51a0b743b0f475088c542bd4f9a2' XDNS Multiple Race Exploiter is a tool that exploits an inherent flaw in the XDNS Server Cache. By sending many queries to a DNS server along with fake Xreplies, an attacker can successfuly writes a fake new entry in the DNS Xcache. X XWWW: http://www.securebits.org/dnsmre.html eafa51a0b743b0f475088c542bd4f9a2 echo x - dns_mre/Makefile sed 's/^X//' >dns_mre/Makefile << '9ec65c752c0900ff03f068529b41aa79' X# New ports collection makefile for: dns_mre X# Date created: 2008-08-02 X# Whom: Tomoyuki Sakurai <cherry@trombik.org> X# X# $FreeBSD$ X# X XPORTNAME= dns_mre XPORTVERSION= 1.0 XCATEGORIES= dns security XMASTER_SITES= http://www.securebits.org/tools/ XDISTNAME= ${PORTNAME}-v${PORTVERSION} X XMAINTAINER= cherry@trombik.org XCOMMENT= DNS Cache Poisoner/Overwriter X XNO_WRKSUBDIR= Yes X X.include <bsd.port.pre.mk> X Xdo-build: X cd ${WRKSRC} && ${CC} ${CFLAGS} -Wall main.c dns_mre.c -o dns_mre X Xdo-install: X ${INSTALL_PROGRAM} ${WRKSRC}/dns_mre ${PREFIX}/bin/ X X.include <bsd.port.post.mk> 9ec65c752c0900ff03f068529b41aa79 echo x - dns_mre/pkg-plist sed 's/^X//' >dns_mre/pkg-plist << '1c3b7f2ff02e2782ed507862cf31c736' X@comment $FreeBSD$ Xbin/dns_mre 1c3b7f2ff02e2782ed507862cf31c736 echo x - dns_mre/distinfo sed 's/^X//' >dns_mre/distinfo << 'e0d28197bdca05057d2cc54355976770' XMD5 (dns_mre-v1.0.tar.gz) = a080cf0d3d5faa5bc1351c55d9f43415 XSHA256 (dns_mre-v1.0.tar.gz) = 7a3c264805686bedf06f10fa7536403d679cf69f269b95cb8a11d4f3e1d026e6 XSIZE (dns_mre-v1.0.tar.gz) = 21958 e0d28197bdca05057d2cc54355976770 echo c - dns_mre/files mkdir -p dns_mre/files > /dev/null 2>&1 echo x - dns_mre/files/patch-dns_mre.h sed 's/^X//' >dns_mre/files/patch-dns_mre.h << '7dbea86d181422a76d73279e68724195' X--- dns_mre.h.orig 2008-08-02 04:02:47.000000000 +0900 X+++ dns_mre.h 2008-08-02 04:02:51.000000000 +0900 X@@ -32,6 +32,7 @@ X #include <netdb.h> X #include <arpa/inet.h> X #include <string.h> X+#include <time.h> X X /* Definitions */ X #define Q_S_PORT 2345 /* Query Source Port */ 7dbea86d181422a76d73279e68724195 echo x - dns_mre/files/patch-dns_mre.c sed 's/^X//' >dns_mre/files/patch-dns_mre.c << '9f678e60aa54f098cb3c3cbc135af5fc' X--- dns_mre.c.orig 2008-08-02 01:23:19.000000000 +0900 X+++ dns_mre.c 2008-08-02 20:37:50.000000000 +0900 X@@ -160,7 +160,6 @@ X u_int8_t * udp_pointer = NULL; X u_int8_t * dns_pointer = NULL; X int dns_size; X- int i; X X if( !answer_flag ) X printf("# Preparing query raw packet..."); X@@ -195,7 +194,7 @@ X u_int8_t * ip4_pointer = NULL; X u_int8_t * udp_pointer = NULL; X u_int8_t * dns_pointer = NULL; X- int dns_size; X+ int dns_size = 0; X int i; X X if( !answer_flag ) X@@ -797,6 +796,7 @@ X " -x <no_txids> Number of static Transaction IDs to use (optional; default 15)\n" X " -v Verbosity\n" X , cmd); X+ return 1; X } X X 9f678e60aa54f098cb3c3cbc135af5fc exit --- dns_mre-1.0.shar ends here --- >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080802115231.266EB1CD0B>