[Full-disclosure] BIND remote exploit (low severity) [Fwd: Internet Systems Consortium Security Advisory.]
- From: Lebbeous Weekley <lebbeous@xxxxxxxxxxxxxxxxx>
- Date: Thu, 25 Jan 2007 09:38:45 -0500
Hadn't seen this on here yet.
----- "Mark Andrews" <Mark_Andrews@xxxxxxx> wrote:
Internet Systems Consortium Security Advisory.
BIND 9: dereferencing freed fetch context
12 January 2007
BIND 9.3.0, 9.3.1, 9.3.2, 9.3.3
BIND 9.4.0a1, 9.4.0a2, 9.4.0a3, 9.4.0a4, 9.4.0a5, 9.4.0a6,
9.4.0b2, 9.4.0b3, 9.4.0b4, 9.4.0rc1
BIND 9.5.0a1 (Bind Forum only)
It is possible for the named to dereference (read) a freed
fetch context. This can cause named to exit unintentionally.
Disable / restrict recursion (to limit exposure).
Upgrade to BIND 9.2.8, BIND 9.3.4 or BIND 9.4.0rc2.
Additionally this will be fixed in the upcoming BIND 9.5.0a2.
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
- Prev by Date: Re: [Full-disclosure] [c-nsp] Cisco Security Advisory: Crafted IP Option Vulnerability
- Next by Date: [Full-disclosure] [x0n3-h4ck] Siteman 2.0.x2 Remote Md5 Hash Disclosure Vulnerability
- Previous by thread: [Full-disclosure] A Recent Phishing Evolution?
- Next by thread: [Full-disclosure] [x0n3-h4ck] Siteman 2.0.x2 Remote Md5 Hash Disclosure Vulnerability