COMMAND
ircd
SYSTEMS AFFECTED
ircds, via an oversized PTR record
PROBLEM
(Read first: some domains and IPs listed here were substituted
by fake ones at their owners' request, but the examples are 100%
true and really tested.) Goblin found the following. He found this
"bug" while trying to make a BIG sub-domain on my name server.
What he did was put the following in his named.conf:
A.fccn.deve.estar.enganada.este.e.que.deve.ser.o.maior.nome.de.uma.maquina.em.portugal IN A 111.111.111.111
111.111.111.111.in-addr IN PTR A.fccn.deve.estar.enganada.este.e.que.deve.ser.o.maior.nome.de.uma.maquina.em.portugal.xxxxxxx.pt.
He changed the serial, ran named.restart and checked whether it
was working:
nslookup
Default Server: ptm-1.xxxxxxx.pt
Address: 111.111.111.2
> 111.111.111.111
Server: ptm-1.xxxxxxx.pt
Address: 111.111.111.2
Name: A.fccn.deve.estar.enganada.este.e.que.deve.ser.o.maior.nome.de.uma.maquina.em.portugal.xxxxxxxx.pt
Address: 111.111.111.111
Well, it was working. Goblin now had an IP <-> name mapping (a
resolving IP). So he decided to go to a Portuguese IRC network
(irc.ptlink.net); to his amazement the server crashed (only the
ircd) when trying to resolve his IP. He tried another server and
got the same result. Goblin did some more checking and found it
to be vulnerable; it was running Elite.PTlink3.3.1, a modified
version of Elite ircd. He probed around for other ircd software
and found another network running u.2.9.32 (an Undernet ircd),
tried it and found it to be vulnerable as well. Continuing, he
tried it on Ptnet version PTnet1.5.39F, which is based on
Dalnet's ircd, and found it NOT to be vulnerable. When he
connected, it tried to resolve his IP and failed, but it didn't
crash; it continued the connection normally. So....
Vulnerable:
Elite ircd (versions unknown)
Ptlink ircd (all versions)
Undernet ircd (u.2.9.32)
Not vulnerable:
Ptnet (versions unknown and 1.5.39F)
(Note that this DoS could be applied to many other things).
Goblin's real name is Pedro Reis.
SOLUTION
Nothing yet.
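The advisory does not give the root cause, so the following is an
added example, not code from any of the ircds named above. It
assumes the server keeps the resolved name in a fixed-size field
(HOSTLEN, struct client and set_client_host are hypothetical names)
and shows the behaviour reported for Ptnet: an oversized or
malformed PTR result is rejected and the connection continues under
the numeric address.

```c
#include <stdio.h>
#include <string.h>

#define HOSTLEN 63   /* assumption: size of the per-client host field */

struct client { char host[HOSTLEN + 1]; };

/* The oversized name from the advisory, embedded as sample input. */
static const char LONG_PTR[] =
    "A.fccn.deve.estar.enganada.este.e.que.deve.ser.o.maior.nome."
    "de.uma.maquina.em.portugal.xxxxxxx.pt";

static struct client demo_client;

/* Hypothetical helper: store the PTR result only if it fits the field
 * and contains hostname characters only; otherwise fall back to the
 * numeric address. Returns 1 if the name was accepted, 0 on fallback. */
static int set_client_host(struct client *c, const char *ptr_name,
                           const char *ip)
{
    size_t n = ptr_name ? strlen(ptr_name) : 0;
    int ok = (n > 0 && n <= HOSTLEN);

    for (size_t i = 0; ok && i < n; i++) {
        unsigned char ch = (unsigned char)ptr_name[i];
        ok = (ch >= 'a' && ch <= 'z') || (ch >= 'A' && ch <= 'Z') ||
             (ch >= '0' && ch <= '9') || ch == '-' || ch == '.';
    }
    /* snprintf never writes past sizeof c->host and always NUL-terminates. */
    snprintf(c->host, sizeof c->host, "%s", ok ? ptr_name : ip);
    return ok;
}

int main(void)
{
    int ok = set_client_host(&demo_client, LONG_PTR, "111.111.111.111");
    printf("PTR length %zu, accepted=%d, host=%s\n",
           strlen(LONG_PTR), ok, demo_client.host);
    return 0;
}
```

The length check is made against the destination field, not against
the DNS limits, because a name that is valid in DNS can still be
longer than the buffer that receives it.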