Security-Alerts mailing list archive (security-alerts@yandex-team.ru)
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[security-alerts] FW: [SA28579] ISC BIND libbind "inet_network()" Off-By-One Vulnerability
>
> TITLE:
> ISC BIND libbind "inet_network()" Off-By-One Vulnerability
>
> SECUNIA ADVISORY ID:
> SA28579
>
> VERIFY ADVISORY:
> http://secunia.com/advisories/28579/
>
> CRITICAL:
> Less critical
>
> IMPACT:
> DoS, System access
>
> WHERE:
> From remote
>
> SOFTWARE:
> ISC BIND 8.x.x
> http://secunia.com/product/76/
> ISC BIND 9.2.x
> http://secunia.com/product/75/
> ISC BIND 9.3.x
> http://secunia.com/product/4298/
> ISC BIND 9.4.x
> http://secunia.com/product/14101/
>
> DESCRIPTION:
> A vulnerability has been reported in ISC BIND, which can be exploited
> by malicious people to cause a DoS (Denial of Service) or to
> potentially compromise a vulnerable system.
>
> The vulnerability affects applications linked against libbind and is
> related to:
> SA28367
>
> NOTE: The applications included in BIND 8 and 9 do not call the
> vulnerable function.
>
> The vulnerability is reported in the following versions:
> * BIND 8 (all versions)
> * BIND 9.0 (all versions)
> * BIND 9.1 (all versions)
> * BIND 9.2 (all versions)
> * BIND 9.3.0, 9.3.1, 9.3.2, 9.3.3, and 9.3.4
> * BIND 9.4.0, 9.4.1, and 9.4.2
> * BIND 9.5.0a1, 9.5.0a2, 9.5.0a3, 9.5.0a4, 9.5.0a5, 9.5.0a6, 9.5.0a7,
> and 9.5.0b1
>
> SOLUTION:
> Please see vendor advisory for patch information.
>
> PROVIDED AND/OR DISCOVERED BY:
> The vendor credits Nate Eldredge.
>
> ORIGINAL ADVISORY:
> http://www.isc.org/index.pl?/sw/bind/bind-security.php
>
> OTHER REFERENCES:
> SA28367:
> http://secunia.com/advisories/28367/
>
|
