Very Computer

by **Joh** » Tue, 17 Dec 2002 21:47:31

I saw the following hit in bind this morning which resulted in the
shutting down of one of the nameservers.

This is a rather big concern as according to the package list from
RedHat this is the latest update for 9.x available and was supposed to
fix this vulnerability in BIND.

I am posting here (and then post it in the comp.protocols.dns.bind) in
the hopes that someone can tell me whether or not this is a new DOS or
something possibly due to a misconfiguration on my part.

Heres the log:

Dec 16 04:04:54.845 general: critical: rdataset.c:297:
REQUIRE((((rdataset) != ((void *)0)) && (((const isc__magic_t
*)(rdataset))->magic == ((('D') << 24 | ('N') << 16 | ('S') << 8 |
('R')))))) failed
Dec 16 04:04:55.019 general: critical: exiting (due to assertion
failure)

According to this errata, the issue I just saw was supposed to be
fixed:

http://rhn.redhat.com/errata/RHSA-2002-105.html

But it points out that this errata is outdated to fix a resovler
library vulnerability located at

http://rhn.redhat.com/errata/RHSA-2002-133.html

So did the last fix possible re-introduce this error?

Thanks!

by **Jim Levi** » Wed, 18 Dec 2002 09:25:06

> I saw the following hit in bind this morning which resulted in the
> shutting down of one of the nameservers.

> This is a rather big concern as according to the package list from
> RedHat this is the latest update for 9.x available and was supposed to
> fix this vulnerability in BIND.

> I am posting here (and then post it in the comp.protocols.dns.bind) in
> the hopes that someone can tell me whether or not this is a new DOS or
> something possibly due to a misconfiguration on my part.

> Heres the log:

> Dec 16 04:04:54.845 general: critical: rdataset.c:297:
> REQUIRE((((rdataset) != ((void *)0)) && (((const isc__magic_t
> *)(rdataset))->magic == ((('D') << 24 | ('N') << 16 | ('S') << 8 |
> ('R')))))) failed
> Dec 16 04:04:55.019 general: critical: exiting (due to assertion
> failure)

> According to this errata, the issue I just saw was supposed to be
> fixed:

> http://rhn.redhat.com/errata/RHSA-2002-105.html

> But it points out that this errata is outdated to fix a resovler
> library vulnerability located at

> http://rhn.redhat.com/errata/RHSA-2002-133.html

> So did the last fix possible re-introduce this error?

What version of Redhat are you running and what version of bind is installed?

--
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
The instructions said to use Windows 98 or better, so I installed RedHat

by **Joh** » Wed, 18 Dec 2002 23:06:20

RH 7.2 and bind-9.2.1-1.7x.2 (rpm)

Thats why i posted, the system was all up to date. I sent a question
to redhat security as well and they were really helpfull and responded
within 30 minutes. The code I was told that the log references isnt
even in the rpm.

Since this was a brand new installation it looks like what happened is
after i ran the up2date utility and re-inited bind it didnt actually
load the new version and I ended up still running the older version
loaded pre up2date.

I havent seen it again in my logs since yesterday morning and trying
to duplicate the attack after killing bind completely and starting it
again has been unsuccessful.

> > I saw the following hit in bind this morning which resulted in the
> > shutting down of one of the nameservers.

> > This is a rather big concern as according to the package list from
> > RedHat this is the latest update for 9.x available and was supposed to
> > fix this vulnerability in BIND.

> > I am posting here (and then post it in the comp.protocols.dns.bind) in
> > the hopes that someone can tell me whether or not this is a new DOS or
> > something possibly due to a misconfiguration on my part.

> > Heres the log:

> > Dec 16 04:04:54.845 general: critical: rdataset.c:297:
> > REQUIRE((((rdataset) != ((void *)0)) && (((const isc__magic_t
> > *)(rdataset))->magic == ((('D') << 24 | ('N') << 16 | ('S') << 8 |
> > ('R')))))) failed
> > Dec 16 04:04:55.019 general: critical: exiting (due to assertion
> > failure)

> > According to this errata, the issue I just saw was supposed to be
> > fixed:

> > http://rhn.redhat.com/errata/RHSA-2002-105.html

> > But it points out that this errata is outdated to fix a resovler
> > library vulnerability located at

> > http://rhn.redhat.com/errata/RHSA-2002-133.html

> > So did the last fix possible re-introduce this error?

> What version of Redhat are you running and what version of bind is installed?

by **Jim Levi** » Sat, 21 Dec 2002 15:47:17

> RH 7.2 and bind-9.2.1-1.7x.2 (rpm)

> Thats why i posted, the system was all up to date. I sent a question
> to redhat security as well and they were really helpfull and responded
> within 30 minutes. The code I was told that the log references isnt
> even in the rpm.

> Since this was a brand new installation it looks like what happened is
> after i ran the up2date utility and re-inited bind it didnt actually
> load the new version and I ended up still running the older version
> loaded pre up2date.

By "re-inited bid" do you mean that you did a "service named restart" (or
/etc/init.d/named restart)? That should have killed the running named and
started up a new copy, which would have been the one from the update.

Quote:> I havent seen it again in my logs since yesterday morning and trying
> to duplicate the attack after killing bind completely and starting it
> again has been unsuccessful.

That makes sense. This time when named had to be started "from scratch" it
would be the copy form the update.
--
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
The instructions said to use Windows 98 or better, so I installed RedHat

Very Computer

Redhhat Bind 9 (rpm bind-9.2.1-1.7x.2) Security issue not fixed ?

Redhhat Bind 9 (rpm bind-9.2.1-1.7x.2) Security issue not fixed ?

Redhhat Bind 9 (rpm bind-9.2.1-1.7x.2) Security issue not fixed ?

Redhhat Bind 9 (rpm bind-9.2.1-1.7x.2) Security issue not fixed ?

Redhhat Bind 9 (rpm bind-9.2.1-1.7x.2) Security issue not fixed ?