Vulnwatch mailing list archives
BIND remote exploit (low severity) [Fwd: Internet Systems Consortium Security Advisory.]
From: Lebbeous Weekley <lebbeous () hurricanelabs com>
Date: Thu, 25 Jan 2007 09:38:45 -0500
Hadn't seen this on here yet. Lebbeous Weekley ----- "Mark Andrews" <Mark_Andrews () isc org> wrote:
Internet Systems Consortium Security Advisory. BIND 9: dereferencing freed fetch context 12 January 2007 Versions affected: BIND 9.3.0, 9.3.1, 9.3.2, 9.3.3 BIND 9.4.0a1, 9.4.0a2, 9.4.0a3, 9.4.0a4, 9.4.0a5, 9.4.0a6, 9.4.0b1 9.4.0b2, 9.4.0b3, 9.4.0b4, 9.4.0rc1 BIND 9.5.0a1 (Bind Forum only) Severity: Low Exploitable: Remotely Description: It is possible for the named to dereference (read) a freed fetch context. This can cause named to exit unintentionally. Workaround: Disable / restrict recursion (to limit exposure). Fix: Upgrade to BIND 9.2.8, BIND 9.3.4 or BIND 9.4.0rc2. Additionally this will be fixed in the upcoming BIND 9.5.0a2. Revision History:
Current thread:
- BIND remote exploit (low severity) [Fwd: Internet Systems Consortium Security Advisory.] Lebbeous Weekley (Jan 25)