The following steps mitigate the cache poisoning bug in BIND v9.
For FreeBSD 6.3 (Stable) users, download the patch:
# cd /tmp
# fetch -o bind.patch http://security.FreeBSD.org/patches/SA-08:06/bind63.patch
For FreeBSD 7.0 (Stable) users, the patch is:
# cd /tmp
# fetch -o bind.patch http://security.FreeBSD.org/patches/SA-08:06/bind7.patch
Next, the following commands compile and install the BIND 9 patch:
# cd /usr/src
# patch < /tmp/bind.patch
# cd /usr/src/lib/bind
# make obj && make depend && make && make install
Restart BIND 9 and make sure there are no errors in the log:
# /etc/rc.d/named restart
# tail -f /var/log/messages
From the official OpenBSD site:
A vulnerability has been found in BIND’s named server (CVE-2009-0696). An attacker could crash a server with a specially crafted dynamic update message to a zone for which the server is master.
patch
From ISC (Internet Systems Consortium):
Urgent: this exploit is public. Please upgrade immediately.
Receipt of a specially-crafted dynamic update message to a zone for which the server is the master may cause BIND 9 servers to exit. Testing indicates that the attack packet has to be formulated against a zone for which that machine is a master. Launching the attack against slave zones does not trigger the assert.
This vulnerability affects all servers that are masters for one or more zones – it is not limited to those that are configured to allow dynamic updates. Access controls will not provide an effective workaround.
dns_db_findrdataset() fails when the prerequisite section of the dynamic update message contains a record of type “ANY” and where at least one RRset for this FQDN exists on the server.
db.c:659: REQUIRE(type != ((dns_rdatatype_t)dns_rdatatype_any)) failed
exiting (due to assertion failure).
Workarounds:
None.
Active exploits:
An active remote exploit is in wide circulation at this time.
Solution:
Upgrade BIND to one of 9.4.3-P3, 9.5.1-P3 or 9.6.1-P1. These versions can be downloaded from:
http://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz
http://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz
http://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz
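A triage check for the advisory above, added here as an example (it is not ISC's code or the blog author's): bind_status compares a version string against the three fixed releases listed under Solution, and count_assert_hits counts log lines carrying the assertion text quoted in the advisory. The function names, the sample log, and the rule that older releases on the 9.4/9.5/9.6 branches count as unpatched while any other branch or suffix is flagged for review are assumptions.

```sh
#!/bin/sh
# Added example, not ISC's or the blog author's code. Fixed releases come from
# the advisory text above; the branch comparison rule is an assumption.

# bind_status VERSION -> prints patched | vulnerable | review
bind_status() {
    ver=${1#BIND }                      # accept "BIND 9.5.1-P2" as well
    case $ver in
        9.4.*) fixed="3 3" ;;           # 9.4.3-P3
        9.5.*) fixed="1 3" ;;           # 9.5.1-P3
        9.6.*) fixed="1 1" ;;           # 9.6.1-P1
        *) echo review; return 0 ;;     # branch not named in the advisory
    esac
    rest=${ver#9.?.}                    # "1-P2" or "1"
    case $rest in
        *-P*) z=${rest%%-P*}; p=${rest##*-P} ;;
        *)    z=$rest; p=0 ;;           # no -P suffix counts as patch level 0
    esac
    for f in "$z" "$p"; do              # rc/beta or odd strings need a human
        case $f in ''|*[!0-9]*) echo review; return 0 ;; esac
    done
    set -- $fixed
    if [ "$z" -gt "$1" ] || { [ "$z" -eq "$1" ] && [ "$p" -ge "$2" ]; }; then
        echo patched
    else
        echo vulnerable
    fi
}

# count_assert_hits [LOGFILE] -> number of lines with the advisory's assertion
count_assert_hits() {
    grep -c -F 'REQUIRE(type != ((dns_rdatatype_t)dns_rdatatype_any)) failed' "$@" || true
}

# Constructed sample log: timestamps, host and PID are made up.
sample_log() {
cat <<'EOF'
Jul 29 03:12:01 ns1 named[812]: zone example.org/IN: loaded serial 2009072801
Jul 29 03:14:55 ns1 named[812]: db.c:659: REQUIRE(type != ((dns_rdatatype_t)dns_rdatatype_any)) failed
Jul 29 03:14:55 ns1 named[812]: exiting (due to assertion failure).
EOF
}

for v in 9.4.3-P2 9.5.1-P3 "BIND 9.6.1" 9.3.6; do
    printf '%s -> %s\n' "$v" "$(bind_status "$v")"
done
printf 'assertion hits in sample log: %s\n' "$(sample_log | count_assert_hits)"
```

On a real host, pass the log path instead of the sample, for example count_assert_hits /var/log/messages.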
The following is a simple way to update the ports on a FreeBSD server machine*
Create a file with any name you like, for example soup
# vi soup
Put the following into the file (copy and paste):
# begin of file 'soup'
*default tag=.
*default host=cvsup12.FreeBSD.org
*default prefix=/usr
*default base=/var/db
*default release=cvs delete use-rel-suffix compress
# ports-all is the ports collection (src-all would fetch the base system sources instead)
ports-all
# eof soup
Save the file, then run the following command:
# csup soup
The ports update will then be processed; it takes quite a while (depending on how much bandwidth is available).
NB: Updating ports is sometimes necessary so that the database of packages on our server machine stays current. This matters for minimizing package bugs/vulnerabilities, which sometimes become a security hole on a server. The method above applies to FreeBSD 6.2 and later.
February 12th, 2009
6:18 am
shell
How do I convert hex number to decimal number using a shell script under UNIX / Linux operating systems?
Hexadecimal (hex) is a numeral system with a radix, or base, of 16. It uses sixteen distinct symbols, most often the symbols 0–9 to represent values zero to nine, and A, B, C, D, E, F (or a through f) to represent values ten to fifteen.
bc - An arbitrary precision calculator language
There is no need to write a shell script. You can simply use the following syntax at a shell prompt to convert a decimal number to hex:
echo "obase=16; decimal-number"|bc
echo "obase=16; 100"|bc
Sample output:
64
To convert a hex number to decimal, set ibase instead (bc expects uppercase hex digits):
echo "ibase=16; hex-number"|bc
echo "ibase=16; AC"|bc
Sample output:
172
ibase and obase define the conversion base for input and output numbers under bc. The default for both input and output is base 10. Add the following functions to your ~/.bashrc:
d2h(){ echo "obase=16; $@"|bc; }   # decimal to hex
h2d(){ echo "ibase=16; $@"|bc; }   # hex to decimal
The above two functions can be used from the command line as follows:
$ d2h 100
$ h2d AC
Log in again for the functions to take effect. Bingo!
Everyone needs some entertainment now and then. Simple entertainment, the kind that does not lull you, let alone make you forget yourself. So, here are a few math-style jokes (humor). I actually first came across them around 2004/2005. But when I saw them again, they still managed to amuse me…
Simple math solved in an equally 'simple' way.

Expand! :-P

A math problem for Internet Explorer (IE) 'haters'

Find (the value of) 'X'!