176677 2007-05-01 12:38 0000 net-dns/bind<9.4.1 querry_addsoa() DoS 2007-05-15 12:39:49 0000 1 1 1 Unclassified Gentoo Security Vulnerabilities unspecified All Linux RESOLVED FIXED ~3 [noglsa] jaervosz P2 normal --- 1 jaervosz@gentoo.org security@gentoo.org bind@gentoo.org jaervosz@gentoo.org 2007-05-01 12:38:38 0000 Description: A vulnerability has been reported in BIND, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error when invoking the "query_addsoa()" function. This can be exploited to cause the nameserver to exit by sending a specially crafted sequence of queries. Successful exploitation requires that "recursion" is enabled. The vulnerability is reported in BIND version 9.4.0, and BIND versions 9.5.0a1, 9.5.0a2, and 9.5.0a3. Solution: Update to BIND 9.4.1. voxus@gentoo.org 2007-05-01 13:23:44 0000 bind and bind-tools bumped to 9.4.1. jaervosz@gentoo.org 2007-05-01 14:36:55 0000 Thx Konstantin. Closing with NO GLSA since 9.4 is not stable yet.