security bug in BIND9

To: debian-user@lists.debian.org, "users-l@trusteddebian.org" <users-l@trusteddebian.org>
Subject: security bug in BIND9
From: - = k o l i s k o = - <kolisko@penguin.cz>
Date: 02 Jun 2003 11:49:14 +0200
Message-id: <[🔎] 1054547354.1639.184.camel@kolisko.broadnet.cz>

Hi all, 

i have installed Adamantix 1.0.1 (latest) based on Debian Woody.
I never had problem with woody and security. Now on my servers where is
installed bind9 as dns cache somebody (maybe virus, worm, hacker) killed
by remote named processes on my servers. 

Here is my daemon.log:


Jun  2 11:32:18 mx1 named[22616]: client 80.95.118.109#9860: no more TCP
clients                                                                                                               : quota reached
Jun  2 11:32:18 mx1 named[22616]: client 80.95.118.109#9861: no more TCP
clients                                                                                                               : quota reached
Jun  2 11:32:18 mx1 named[22616]: client 80.95.118.109#9862: no more TCP
clients                                                                                                               : quota reached
Jun  2 11:32:19 mx1 named[22616]: client 80.95.118.109#9864: no more TCP
clients                                                                                                               : quota reached
Jun  2 11:32:19 mx1 named[22616]: client 80.95.118.109#9865: no more TCP
clients                                                                                                               : quota reached
Jun  2 11:32:19 mx1 named[22616]: client 80.95.118.109#9868: no more TCP
clients                                                                                                               : quota reached
Jun  2 11:32:19 mx1 named[22616]: quota.c:68: INSIST(p != ((void *)0) &&
*p ==
(                                                                                                               (void *)0)) failed
Jun  2 11:32:19 mx1 named[22616]: exiting (due to assertion failure)
\

package info:


0 root@mx1:etc# apt-cache show bind9
Package: bind9
Version: 1:9.2.1-2.woody.1.2
Priority: optional
Section: net
Maintainer: Peter Busser <peter@adamantix.org>
Depends: libc6 (>= 2.2.4-4), libdns5, libisc4, libisccc0, libisccfg0,
liblwres1, libssl0.9.6, netbase
Suggests: dnsutils, bind9-doc
Conflicts: bind
Replaces: bind, dnsutils (<< 1:9.1.0-3)
Architecture: i386
Filename:
dists/stable/main/binary-i386/net/bind9_9.2.1-2.woody.1.2_i386.deb
Size: 271298
MD5sum: 97938e709ef96f19d870883b27a85fe4
Description: wb: Internet Domain Name Server
 The Berkeley Internet Name Domain (BIND) implements an Internet domain
 name server.  BIND is the most widely-used name server software on the
 Internet, and is supported by the Internet Software Consortium,
www.isc.org.
 .
 This package provides the server and related configuration files.
installed-size: 716


i have installed 2.4.20 kernel from Adamantix sources with turned on
some PaX features:
# CONFIG_PAX_NOEXEC is not set
CONFIG_PAX_ASLR=y
CONFIG_PAX_RANDKSTACK=y
CONFIG_PAX_RANDUSTACK=y
CONFIG_PAX_RANDMMAP=y




-- 

---
Michal Kolesár
kolisko@penguin.cz
http://kolisko.penguin.cz
+420.777.225.297


Don't send me any attachment in Micro$oft (.DOC, .PPT) format please
Read http://www.fsf.org/philosophy/no-word-attachments.html
Preferable attachments: .PDF, .HTML, .TXT
Thanx for adding this text to Your signature

Reply to:

Follow-Ups:
- Re: security bug in BIND9
  - From: Lukas Ruf <ruf@rawip.org>

Prev by Date: Re: Local package repositories
Next by Date: best way to run stable or testing program on ustable system (fwd)
Previous by thread: Re: dynamic to static ip
Next by thread: Re: security bug in BIND9
Index(es):
- Date
- Thread