BIND 9.7.3 -- TCP DoS in SO_ACCEPTFILTER
- From: <Eric_vanGyzen@xxxxxxxxxx>
- Date: Wed, 16 Feb 2011 08:07:00 -0600
The release notes for BIND 9.7.3 contain this:
* A bug in NetBSD and FreeBSD kernels with SO_ACCEPTFILTER enabled
allows for a TCP DoS attack. Until there is a kernel fix, ISC is
disabling SO_ACCEPTFILTER support in BIND. [RT #22589]
The CHANGES file also says:
2996. [security] Temporarily disable SO_ACCEPTFILTER support.
[RT #22589]
Can anyone tell me more? What releases are affected? Is a kernel patch in the works?
Thanks in advance,
Eric
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"
- Follow-Ups:
- Re: BIND 9.7.3 -- TCP DoS in SO_ACCEPTFILTER
- From: Doug Barton
- Re: BIND 9.7.3 -- TCP DoS in SO_ACCEPTFILTER
- Prev by Date: Re: Recent full disclosure post - Local DOS
- Next by Date: Re: BIND 9.7.3 -- TCP DoS in SO_ACCEPTFILTER
- Previous by thread: Re: Add SHA-256/512 hash algorithm to crypt(3) (kern/124164)
- Next by thread: Re: BIND 9.7.3 -- TCP DoS in SO_ACCEPTFILTER
- Index(es):
Relevant Pages
|
