BIND 9.7.3 -- TCP DoS in SO_ACCEPTFILTER



The release notes for BIND 9.7.3 contain this:

* A bug in NetBSD and FreeBSD kernels with SO_ACCEPTFILTER enabled
allows for a TCP DoS attack. Until there is a kernel fix, ISC is
disabling SO_ACCEPTFILTER support in BIND. [RT #22589]

The CHANGES file also says:

2996. [security] Temporarily disable SO_ACCEPTFILTER support.
[RT #22589]

Can anyone tell me more? What releases are affected? Is a kernel patch in the works?

Thanks in advance,

Eric
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"