(Read, 1st - Some domains and IP's listed here where substituted by fake ones, by their owners desire, but the examples are 100% true, and realy tested) I found this "bug" while trying to make a BIG sub-domain on my name server, what i just did was on my named.conf put: A.fccn.deve.estar.enganada.este.e.que.deve.ser.o.maior.nome.de.uma.maquina.e m.portugal IN A 111.111.111.111 111.111.111.111.in-addr IN PTR A.fccn.deve.estar.enganada.este.e.que.deve.ser.o.maior.nome.de.uma.maquina.e m.portugal.xxxxxxx.pt. Changed the serial and did named.restart checked for it (if it's working or not). nslookup Default Server: ptm-1.xxxxxxx.pt Address: 111.111.111.2 > 111.111.111.111 Server: ptm-1.xxxxxxx.pt Address: 111.111.111.2 Name: A.fccn.deve.estar.enganada.este.e.que.deve.ser.o.maior.nome.de.uma.maquina.e m.portugal.xxxxxxxx.pt Address: 111.111.111.111 Well it was working, i now had a ip <-> name (resolving ip) So i decides to go to a Portuguese irc network (irc.ptlink.net), to my amaze the server crashed (only the ircd) when trying to resolve my ip, i tried another server and got the same result. I did some more checking and found it to be vurnerable, it was running Elite.PTlink3.3.1 a modified version of Elite ircd's. I probed arround for another ircd software and i found another network runnig u.2.9.32 (a undernet ircd) tried it and found it to be also vurlnerable. Continuing i tried it on Ptnet version PTnet1.5.39F witch is based on Dalnet's ircd's and found it to NOT be vurnerable , when i connected it tried to resolve my ip and failed, but it didnt crash, it continued the connection normaly. So let me put this on a small list of affected IRCd's. Vurnerable: Elite ircd (versions unknown) Ptlink ircd (all versions) Undernet ircd (u.2.9.32) Not vulnerable: Ptnet (versions unknow and 1.5.39F) (Note that this DoS could be applied for many other things) Any questions about this DoS in ircd's please mail me if a valid request i would be glad to help. Pedro Reis ( Goblin ) @ Portugal (irc.ptlink.net)
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:09:13 PDT