| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: simpletone at mbox.com.au (Mike Tone)
Subject: Multiple Remote Vulnerabilities in BIND4 and BIND8 (fwd)
for those oblivious to the outside world ...
- - - - - -
The vulnerabilities described in this advisory affect nearly
all currently
deployed recursive DNS servers on the Internet. The DNS
network is considered
a critical component of Internet infrastructure. There is no
information
implying that these exploits are known to the computer
underground, and there
are no reports of active attacks. If exploits for these
vulnerabilities are
developed and made public, they may lead to compromise and
DoS attacks against
vulnerable DNS servers. Since the vulnerability is
widespread, an Internet
worm may be developed to propagate by exploiting the flaws
in BIND. Widespread
attacks against the DNS system may lead to general
instability and inaccuracy
of DNS data.
Affected Versions:
BIND SIG Cached RR Overflow Vulnerability
BIND 8, versions up to and including 8.3.3-REL
BIND 4, versions up to and including 4.9.10-REL
BIND OPT DoS
BIND 8, versions 8.3.0 up to and including 8.3.3-REL
BIND SIG Expiry Time DoS
BIND 8, versions up to and including 8.3.3-REL
For the complete ISS X-Force Security Advisory, please
visit:
http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469
---------------------------------------------------------------------
NEW to mBox, receive faxes to any email address!
Find out more http://www.mbox.com.au/fax
Powered by blists - more mailing lists