bind.nxt.txt

12 Nov 1999 00:00:00 | Reported by Packet Storm | Type: packetstorm | packetstormsecurity.com

Critical NXT bug allows remote access to DNS servers, no workarounds available yet.

`http://www.isc.org/products/BIND/bind-security-19991108.html  
  
  
Name: "nxt bug"  
  
Versions affected: 8.2, 8.2 patchlevel 1, 8.2.1  
Severity: CRITICAL  
Exploitable: Remotely  
Type: Access possible  
  
Description:  
  
A bug in the processing of NXT records can theoretically allow an  
attacker to gain access to the system running the DNS server at  
whatever privilege level the DNS server runs at.  
  
Workarounds:  
  
None.  
  
Active Exploits:  
  
At this time, ISC is unaware of any active exploits of this  
vulnerability however given the potential access this vulnerability  
represents, it is probable scripts will be created in the near future  
that make use of this vulnerability.  
  
  
  
Reply-To: Anonymous <[email protected]>  
Comments: This message did not originate from the Sender address above.  
It was remailed automatically by anonymizing remailer software.  
Please report problems or inappropriate use to the remailer  
administrator at <[email protected]>.  
X-To: [email protected]  
To: [email protected]  
  
Ooh, those pesky NXT records. Like I process those every day.  
Fascinating read in RFC 2535, but suppose I don't have any NXT  
records in my own zones, under what circumstances will my DNS server  
commit the sin of "the processing of NXT records"? In other words,  
are all of us vulnerable (even caching-only name servers if so, I  
imagine!), or only people with NXT records? This makes a big difference!  
  
  
Subject: Re: your mail  
X-To: [email protected]  
To: [email protected]  
  
On Thu, 11 Nov 1999, Anonymous wrote:  
  
> Ooh, those pesky NXT records. Like I process those every day.  
> Fascinating read in RFC 2535, but suppose I don't have any NXT  
> records in my own zones, under what circumstances will my DNS server  
> commit the sin of "the processing of NXT records"? In other words,  
> are all of us vulnerable (even caching-only name servers if so, I  
> imagine!), or only people with NXT records? This makes a big difference!  
  
Caching-only servers are also vulnerable. The NXT record is no different  
than any other DNS record in this case. If someone is able to make your  
server fetch a maliciously-constructed NXT record, it will cause problems.  
A query to a caching server will force the server to send a recursive  
query, which makes the caching server vulnerable.  
  
Brian  
  
  
Date: Fri, 12 Nov 1999 05:20:55 +0100  
From: Alain Thivillon <[email protected]>  
Subject: Re: your mail  
To: [email protected]  
  
  
Anonymous <[email protected]> écrivait (wrote) :  
  
> commit the sin of "the processing of NXT records"? In other words,  
> are all of us vulnerable (even caching-only name servers if so, I  
> imagine!), or only people with NXT records? This makes a big difference!  
  
[ NB : I can be wrong, don't flame me :) ]  
  
Examining diffs between 8.2.1 and 8.2.2PL3 shows a rewrite of the code handling  
external responses to an NXT query coming from bind itself (see  
bin/named/ns_resp.c). So I suppose, if your name server is public and  
recursive, an external attacker can query your bind for an NXT record in  
another zone. If he has control of the name server of this zone, he can  
send offending responses and trigger the bug.  
  
I suspect every public server with 8.2 <= bind < 8.2.3PL3 is vulnerable.  
  
  
  
Reply-To: "David R. Conrad" <[email protected]>  
Sender: Bugtraq List <[email protected]>  
Organization: Internet Software Consortium  
X-To: Anonymous <[email protected]>  
X-cc: [email protected]  
To: [email protected]  
  
Hi,  
  
The problem is with the reception of NXT records, so it doesn't matter what  
you have in your own zone files. Any nameserver running versions 8.2, 8.2  
patchlevel 1, or 8.2.1 can be susceptible to the attack (albeit there are some  
pre-conditions that must be met for the issue to even come up). We, of  
course, recommend upgrading. In addition, we recommend running your  
nameserver as non-root and chrooted (I know setting this up is non-trivial --  
it'll be much, much easier in BINDv9).  
  
Rgds,  
-drc  
  
Anonymous wrote:  
> Ooh, those pesky NXT records. Like I process those every day.  
> Fascinating read in RFC 2535, but suppose I don't have any NXT  
> records in my own zones, under what circumstances will my DNS server  
> commit the sin of "the processing of NXT records"? In other words,  
> are all of us vulnerable (even caching-only name servers if so, I  
> imagine!), or only people with NXT records? This makes a big difference!  
  
  
  
`
