Two news flaws have been discovered in BIND. BIND 9.3.0 suffers from a denial of service flaw in its validator. BIND 8.4.4 and 8.4.5 suffer from a denial of service flaw due to an overrun exploitable in the q_usedns array which is used to track queries.
5926d2b1570d6b79c9dbf0eb3627bc595490c75b56c5ef11db4748fc5171fd12BIND Vulnerabilities
ISC has discovered or has been notified of several bugs which can result in vulnerabilities of varying levels of severity in BIND as distributed by ISC. Upgrading to the latest BIND version is strongly recommended.
Name: "BIND: Self Check Failing
[Added 2005.25.01]
Versions affected: BIND 9.3.0
Severity: LOW
Exploitable: Remotely
Type: Denial of Service
Description:
An incorrect assumption in the validator (authvalidated) can result in a REQUIRE (internal consistancy) test failing and named exiting.
Workarounds:
Turn off dnssec validation (off by default) at the options/view level.
dnssec-enable no;
Active Exploits:
None known
Fix:
Upgrade to BIND 9.3.1
http://www.isc.org/sw/bind/
Name: "BIND:
[Added 2005.25.01]
Versions affected: BIND 8.4.4 and 8.4.5 *only*
Severity: LOW
Exploitable: Remotely
Type: Denial of Service
Description:
It is possible to overrun the q_usedns array which is used to track nameservers / addresses that have been queried.
Workarounds:
Disable recursion and glue fetching.
Active Exploits:
None known
Fix:
Upgrade to BIND 8.4.6
http://www.isc.org/sw/bind/
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed