Home | Docs | Forums | Lists | Bugs | Planet | Store | GMN | Get Gentoo!
| Bug#: 176677 | Product: Gentoo Security | Version: unspecified | Platform: All |
| OS/Version: Linux | Status: RESOLVED | Severity: normal | Priority: P2 |
| Resolution: FIXED | Assigned To: security@gentoo.org | Reported By: jaervosz@gentoo.org | |
| Component: Vulnerabilities | |||
| URL: | |||
| Summary: net-dns/bind<9.4.1 querry_addsoa() DoS | |||
| Keywords: | |||
| Status Whiteboard: ~3 [noglsa] jaervosz | |||
| Opened: 2007-05-01 12:38 0000 | |||
| Description: | Opened: 2007-05-01 12:38 0000 |
Description: A vulnerability has been reported in BIND, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error when invoking the "query_addsoa()" function. This can be exploited to cause the nameserver to exit by sending a specially crafted sequence of queries. Successful exploitation requires that "recursion" is enabled. The vulnerability is reported in BIND version 9.4.0, and BIND versions 9.5.0a1, 9.5.0a2, and 9.5.0a3. Solution: Update to BIND 9.4.1.
bind and bind-tools bumped to 9.4.1.
Thx Konstantin. Closing with NO GLSA since 9.4 is not stable yet.