BIND 9.7.3 -- TCP DoS in SO_ACCEPTFILTER



The release notes for BIND 9.7.3 contain this:

* A bug in NetBSD and FreeBSD kernels with SO_ACCEPTFILTER enabled
allows for a TCP DoS attack. Until there is a kernel fix, ISC is
disabling SO_ACCEPTFILTER support in BIND. [RT #22589]

The CHANGES file also says:

2996. [security] Temporarily disable SO_ACCEPTFILTER support.
[RT #22589]

Can anyone tell me more? What releases are affected? Is a kernel patch in the works?

Thanks in advance,

Eric
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"


