# named: stack smashing attack in function query_find

## richard.scott

I've recently upgraded to bind-9.3.4 and when I try and emerge with the "idn" flag I get a stack error when running the daemon:

```
named: stack smashing attack in function query_find
```

Once you try and query a zone file that the bind server is a master for, it kills the daemon and reports a stack smashing error!

If you re-compile with "-idn" then it's all OK!

EDIT: ok, it's not all OK without the IDN flag... it was late when I restarted my daemon and I didn't notice it crash again!

Has anyone else seen this with a hardened system?

----------

## guerro

Same problem here... I think it has the same problem as the previous version (9.3.3, hard-masked one day after it became stable)...

I solved it by masking the latest version and using the old version (9.3.2). I hope this bug will be solved in the future. For now I'm still waiting.

----------

## LostControl

*richard.scott wrote:*

> Has anyone else seen this with a hardened system?

Same here.

----------

## babudro

Same here.  I'm glad to have found this reminder. I ran into this before (probably with 9.3.3) but forgot what I had done to fix it.  These forums can sure save a guy a lot of head scratching.

----------

## smoco

Hi,

After the bind update to version 9.3.4 I cannot start bind; after starting, it runs for a few seconds and then falls down with the

"unable to start stack smashing attack in function query_find" message.

Has anyone the same problem??

ENVIRONMENT

Hardened Gentoo x86, Pentium 4

kernel version 2.6.17-hardened-r1

----------

## pent0z

I had similar problems with the hardened profile... named starts, but after some seconds goes down.

Switched back to the previous version.

----------

## smoco

I've tried 9.2.8 and the same thing happens, so I removed all of /var/bind and started bind, and the same again; it looks like only 9.3.2 is working correctly.

----------

## tomk

Merged previous three posts.

----------

## richard.scott

*pent0z wrote:*

> I had similar problems with the hardened profile... named starts, but after some seconds goes down.
> 
> Switched back to the previous version.

What are your CFLAGS set to?

I have mine set as follows:

```
CFLAGS="-mtune=i686 -Os -pipe -fomit-frame-pointer"
```

I hear that if you try -O instead of -Os or -O2 it may be OK... I read that on a bug report somewhere but haven't tested it yet, as it would mean a total rebuild of my server.

EDIT: ok, after a total rebuild with -O and not -Os it's still the same.

Last edited by richard.scott on Mon Feb 26, 2007 4:56 pm; edited 1 time in total

----------

## chashab

Has anyone solved this issue yet?

I'm going to downgrade for now. If someone else is considering downgrading, note GLSA 200702-06 (BIND: Denial of Service).

Update: Should have read the previous posts more closely:

*smoco wrote:*

> I've tried 9.2.8 and the same thing happens, so I removed all of /var/bind and started bind, and the same again; it looks like only 9.3.2 is working correctly.

The problem is that 9.3.2 suffers from the aforementioned GLSA 200702-06. In other words, there is no viable bind version for a hardened system at this point.

Update: What I did is use gcc-config to switch to a non-hardened gcc. I recompiled the most recent bind and switched gcc back afterwards. So no hardened bind, but better than running a vulnerable version.

----------

## s_wilk

Hi,

You don't need to downgrade it.

Just switch gcc to the hardenednossp version and recompile bind.

It works then.

-- 

Regards,

Szymon Wilkolazki

----------

## richard.scott

*s_wilk wrote:*

> Hi,
> 
> You don't need to downgrade it.
> 
> Just switch gcc to the hardenednossp version and recompile bind.
> ...

Does this make the service less secure?

----------

