[VulnWatch] BIND remote exploit (low severity) [Fwd: Internet Systems Consortium Security Advisory.]
- From: Lebbeous Weekley <lebbeous@xxxxxxxxxxxxxxxxx>
- Date: Thu, 25 Jan 2007 09:38:45 -0500
Hadn't seen this on here yet.
----- "Mark Andrews" <Mark_Andrews@xxxxxxx> wrote:
Internet Systems Consortium Security Advisory.
BIND 9: dereferencing freed fetch context
12 January 2007
BIND 9.3.0, 9.3.1, 9.3.2, 9.3.3
BIND 9.4.0a1, 9.4.0a2, 9.4.0a3, 9.4.0a4, 9.4.0a5, 9.4.0a6,
9.4.0b2, 9.4.0b3, 9.4.0b4, 9.4.0rc1
BIND 9.5.0a1 (Bind Forum only)
It is possible for the named to dereference (read) a freed
fetch context. This can cause named to exit unintentionally.
Disable / restrict recursion (to limit exposure).
Upgrade to BIND 9.2.8, BIND 9.3.4 or BIND 9.4.0rc2.
Additionally this will be fixed in the upcoming BIND 9.5.0a2.
- Prev by Date: [VulnWatch] Cisco Security Advisory: Crafted IP Option Vulnerability
- Next by Date: [VulnWatch] Medium Risk Vulnerability in PGP Desktop
- Previous by thread: [VulnWatch] Cisco Security Advisory: Crafted IP Option Vulnerability
- Next by thread: [VulnWatch] Medium Risk Vulnerability in PGP Desktop