Date: Thu, 6 Mar 2003 11:43:23 -0600
From: Scott Wunsch <bugtraq@...cking.wunsch.org>
To: John <bugtraq@...msday.com>
Subject: Re: BIND 9.2.2 Vulnerabilities?

On Wed, 05-Mar-2003 at 15:46:41 -0600, John wrote:

> That was really what I was trying to get at. If there are vulnerabilities
> I don't think that they are being discussed in a manner that brings this
> to the attention of those of us who are running 9.2.1. It seems that the
> announcement was rather low-key and I stumbled across this information on
> the website almost by mistake.

I'm rather puzzled by it too :-).

Some days before the 9.2.2 release, my 9.2.1 nameserver was getting repeatedly killed (with an assertion failure) by a stream of DNS queries over TCP from one of our users. Every time I restarted it, it would die again within a few seconds. We "solved" the problem by blocking traffic from the customer who was generating all the TCP queries.

I reported this to ISC, and was informed that this was fixed in 9.2.2rc1 (but my request for more details was ignored).

So, if nothing else, I consider 9.2.2 to be a fix for a denial of service problem.

--
Take care,
Scott \\'unsch

... Write all complaints in this box (in triplicate): [] Thank You!