11:44 Vulnerability xname org | |
Recently discovered a nasty vulnerability in the popular DNS-hosting XName.org The fact that ns2.xname.org allows you to transfer to any area, located on it (AXFR-request), regardless of where the request comes . For example: porfel @ porfel-laptop: ~ $ dig xname.org @ ns2.xname.org axfr ; DiG 9.6.1-P2 xname.org @ ns2.xname.org axfr ;; global options: + cmd xname.org. 600 IN SOA ns0.xname.org. yann.hirou.org. 2009030501 600 1800 3600 000 10800 xname.org. 600 IN TXT "v = spf1 a: vhosting.freexion.net a: ns0.xname.org a: ns1.xname.org a: ns2.xname.org a: g1.xname.org ip4: 195.234.42.0/24 ~ all " xname.org. 600 IN NS ns0.xname.org. Xname.org. 600 IN NS ns1.xname.org. Xname.org. 600 IN NS ns2.xname.org. Xname.org. 600 IN NS ns3.xtremeweb.de. Xname.org. 600 IN MX 10 mxg1.freexion.net. Xname.org. 600 IN MX 20 mx2.oav.net. Xname.org. 600 IN A 92.243.14.172 demo.xname.org. 600 IN CNAME www.xname.org. Dev.xname.org. 600 IN CNAME www.xname.org. Error.xname.org. 600 IN A 193.218.105.155 g1.xname.org. 600 IN A 92.243.14.172 myip.xname.org. 600 IN CNAME www.xname.org. Ns0.xname.org. 600 IN A 195.234.42.1 ns1.xname.org. 600 IN A 87.98.164.164 ns2.xname.org. 600 IN AAAA 2a01: e0b: 1:64:240:63 ff: fee8: 6155 ns2.xname.org. 600 IN A 88.191.64.64 o1.xname.org. 600 IN A 91.121.207.58 o1b.xname.org. 600 IN A 87.98.135.241 source.xname.org. 600 IN CNAME www.xname.org. Test.xname.org. 600 IN NS ns0.xname.org. Test.xname.org. 600 IN NS ns1.xname.org. Url.xname.org. 600 IN CNAME www.xname.org. Www.xname.org. 600 IN CNAME g1.xname.org. Xname.org. 600 IN SOA ns0.xname.org. yann.hirou.org. 2009030501 600 1800 3600 000 10800 ;; Query time: 147 msec ;; SERVER: 88.191.64.64 # 53 (88.191.64.64) ;; WHEN: Tue Mar 23 1:36:15 2010 ;; XFR size: 26 records (messages 3, bytes 791) porfel @ porfel-laptop: ~ $ When you request a zone from any other authoritative DNS-server has received the following: porfel @ porfel-laptop: ~ $ dig xname.org @ ns0.xname.org axfr ; DiG 9.6.1-P2 xname. org@ns0.xname.org axfr ;; global options: + cmd ; Transfer failed. Porfel @ porfel-laptop: ~ $ From what we can conclude that just because this zone to give the developers did not want to. To test this assumption on their domains (a transfer is allowed only to authoritative servers) - the same thing, lets get the whole area, regardless of whether you allow this in the configuration or not. <<>> So, given the risk of being ~ 175,000 domains using as DNS-servers XName. <<>> I would like to advise users of the service: be careful and not prescribed in the zone is nothing confidential. And if the "secret" is a subdomain - take care of the authorization for them. <<>> Thank you for your attention. <<>> PS: A letter of administration service with a description of the problem and fixed a written request on Wednesday, but still no answer greeting | |
|
Total comments: 0 | |