lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <17ea25717e9138.17e913817ea257@mbox.com.au>
From: simpletone at mbox.com.au (Mike Tone)
Subject: Multiple Remote Vulnerabilities in BIND4 and BIND8 (fwd)

for those oblivious to the outside world ... 
 
- - - - - -  
 
The vulnerabilities described in this advisory affect nearly 
all currently 
deployed recursive DNS servers on the Internet. The DNS 
network is considered 
a critical component of Internet infrastructure. There is no 
information 
implying that these exploits are known to the computer 
underground, and there 
are no reports of active attacks. If exploits for these 
vulnerabilities are 
developed and made public, they may lead to compromise and 
DoS attacks against 
vulnerable DNS servers. Since the vulnerability is 
widespread, an Internet 
worm may be developed to propagate by exploiting the flaws 
in BIND. Widespread 
attacks against the DNS system may lead to general 
instability and inaccuracy 
of DNS data. 
 
 
Affected Versions: 
 
 
BIND SIG Cached RR Overflow Vulnerability 
 
 
        BIND 8, versions up to and including 8.3.3-REL 
        BIND 4, versions up to and including 4.9.10-REL 
 
 
BIND OPT DoS 
 
 
        BIND 8, versions 8.3.0 up to and including 8.3.3-REL 
 
 
BIND SIG Expiry Time DoS 
 
 
        BIND 8, versions up to and including 8.3.3-REL 
 
 
For the complete ISS X-Force Security Advisory, please 
visit: 
http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469 
 
 

---------------------------------------------------------------------
NEW to mBox, receive faxes to any email address!
Find out more http://www.mbox.com.au/fax

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ