Date: Thu, 25 Jan 2007 09:38:45 -0500
From: Lebbeous Weekley <lebbeous@...ricanelabs.com>
To: full-disclosure@...ts.grok.org.uk, vulnwatch@...nwatch.org, bugtraq@...urityfocus.com
Subject: BIND remote exploit (low severity) [Fwd: Internet Systems Consortium Security Advisory.]

Hadn't seen this on here yet.

Lebbeous Weekley

----- "Mark Andrews" <Mark_Andrews@....org> wrote:
> Internet Systems Consortium Security Advisory.
> BIND 9: dereferencing freed fetch context
> 12 January 2007
>
> Versions affected:
>
> BIND 9.3.0, 9.3.1, 9.3.2, 9.3.3
> BIND 9.4.0a1, 9.4.0a2, 9.4.0a3, 9.4.0a4, 9.4.0a5, 9.4.0a6,
> 9.4.0b1
> 9.4.0b2, 9.4.0b3, 9.4.0b4, 9.4.0rc1
> BIND 9.5.0a1 (Bind Forum only)
>
> Severity: Low
> Exploitable: Remotely
>
> Description:
>
> It is possible for the named to dereference (read) a freed
> fetch context. This can cause named to exit unintentionally.
>
> Workaround:
>
> Disable / restrict recursion (to limit exposure).
>
> Fix:
>
> Upgrade to BIND 9.2.8, BIND 9.3.4 or BIND 9.4.0rc2.
> Additionally this will be fixed in the upcoming BIND 9.5.0a2.
>
> Revision History:
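
The workaround named in the advisory above (disable or restrict recursion), written out as a named.conf fragment. This is an added example, not part of the advisory or the original post; the ACL name `trusted` and the address ranges are placeholders.

```conf
// Constructed example, not from the advisory.
// The ACL name and the addresses below are placeholders.

acl trusted {
    127.0.0.1;
    192.0.2.0/24;   // RFC 5737 documentation range; substitute real client networks
};

options {
    // Exposed form: recursion on, with no restriction on who may ask.
    //   recursion yes;
    //   allow-recursion { any; };

    // Restricted form: only clients matching the ACL get recursive service.
    recursion yes;
    allow-recursion { trusted; };

    // Authoritative-only servers can turn recursion off entirely instead:
    //   recursion no;
};
```

Running `named-checkconf` on the edited file before reloading named catches syntax errors. As the advisory says, this only limits exposure; the fix is the upgrade.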