Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] FW: [SA21752] ISC BIND Denial of Service Vulnerabilities



> ----------------------------------------------------------------------
> 
> TITLE:
> ISC BIND Denial of Service Vulnerabilities
> 
> SECUNIA ADVISORY ID:
> SA21752
> 
> VERIFY ADVISORY:
> http://secunia.com/advisories/21752/
> 
> CRITICAL:
> Moderately critical
> 
> IMPACT:
> DoS
> 
> WHERE:
> From remote
> 
> SOFTWARE:
> ISC BIND 9.2.x
> http://secunia.com/product/75/
> ISC BIND 9.3.x
> http://secunia.com/product/4298/
> 
> DESCRIPTION:
> Some vulnerabilities have been reported in BIND, which can be
> exploited by malicious people to cause a DoS (Denial of Service).
> 
> 1) An assertion error within the processing of SIG queries can be
> exploited to crash either a recursive server when more than one
> SIG(covered) Resource Record set (RRset) is returned or an
> authoritative server serving a RFC 2535 DNSSEC zone where there are
> multiple SIG(covered) RRsets.
> 
> 2) An error within the handling of multiple recursive queries can be
> exploited to trigger an INSIST failure by causing the response to the
> query to arrive after all clients looking for the response have left
> the recursion queue.
> 
> NOTE: According to the vendor, the vulnerabilities are likely not
> exploitable in the 9.2.x branch. However, a patch has been provided.
> 
> SOLUTION:
> Update to BIND 9.3.3rc2, BIND 9.3.2-P1, BIND 9.2.7rc1, or BIND
> 9.2.6-P1.
> http://www.isc.org/index.pl?/sw/bind/
> 
> The vulnerabilities have also been fixed in BIND 9.4.0b2.
> 
> PROVIDED AND/OR DISCOVERED BY:
> Reported by the vendor.
> 
> ORIGINAL ADVISORY:
> http://www.isc.org/sw/bind/bind-security.php
> 
> OTHER REFERENCES:
> US-CERT VU#697164:
> http://www.kb.cert.org/vuls/id/697164
> 
> US-CERT VU#915404:
> http://www.kb.cert.org/vuls/id/915404
> 
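A check of BIND version strings against the fixed builds listed under SOLUTION above, added here as an example that is not part of the forwarded advisory. It shows why comparing against a single fixed version is not enough: 9.3.3rc1 sorts after 9.3.2-P1 but precedes the listed 9.3.3rc2. The function names, the ordering alpha < beta < rc < final < -P, and the treatment of later releases in a listed branch as fixed are assumptions.

```python
import re

# First fixed build per release, copied from the advisory's SOLUTION section.
FIXED = {
    (9, 2, 6): ("P", 1),   # 9.2.6-P1
    (9, 2, 7): ("rc", 1),  # 9.2.7rc1
    (9, 3, 2): ("P", 1),   # 9.3.2-P1
    (9, 3, 3): ("rc", 2),  # 9.3.3rc2
    (9, 4, 0): ("b", 2),   # 9.4.0b2
}
# Assumed order within one release: alpha < beta < rc < final < -P patch.
STAGE_RANK = {"a": 0, "b": 1, "rc": 2, "": 3, "P": 4}
VERSION_RE = re.compile(
    r"^(?:BIND\s+)?(\d+)\.(\d+)\.(\d+)(?:(a|b|rc)(\d+)|-P(\d+))?$")


def parse(version):
    """Split '9.3.3rc2' into ((9, 3, 3), ('rc', 2))."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError("unrecognised BIND version: %r" % version)
    release = tuple(int(x) for x in m.group(1, 2, 3))
    if m.group(6):
        return release, ("P", int(m.group(6)))
    if m.group(4):
        return release, (m.group(4), int(m.group(5)))
    return release, ("", 0)


def status(version):
    """Return 'fixed', 'update' or 'not-covered' for one version string."""
    release, (stage, n) = parse(version)
    listed = sorted(r for r in FIXED if r[:2] == release[:2])
    if not listed:
        return "not-covered"      # branch not mentioned in the advisory
    if release in FIXED:
        fixed_stage, fixed_n = FIXED[release]
        return ("fixed" if (STAGE_RANK[stage], n) >=
                (STAGE_RANK[fixed_stage], fixed_n) else "update")
    # Assumption: releases after the last listed one carry the fix forward.
    return "fixed" if release > listed[-1] else "update"


if __name__ == "__main__":
    # Constructed sample inventory, not data from the advisory.
    for v in ["9.3.2", "9.3.2-P1", "9.3.3rc1", "9.3.3rc2", "9.2.5", "9.4.0b2"]:
        print(v, status(v))
```

Here "update" means only that the build predates the first fixed build the advisory lists for that release, and "not-covered" means the advisory does not mention that branch.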



 




Copyright © Lexa Software, 1996-2009.