BIND remote exploit (low severity) [Fwd: Internet Systems Consortium Security Advisory.]
- From: Lebbeous Weekley <lebbeous@xxxxxxxxxxxxxxxxx>
- Date: Thu, 25 Jan 2007 09:38:45 -0500
Hadn't seen this on here yet.
----- "Mark Andrews" <Mark_Andrews@xxxxxxx> wrote:
Internet Systems Consortium Security Advisory.
BIND 9: dereferencing freed fetch context
12 January 2007
BIND 9.3.0, 9.3.1, 9.3.2, 9.3.3
BIND 9.4.0a1, 9.4.0a2, 9.4.0a3, 9.4.0a4, 9.4.0a5, 9.4.0a6,
9.4.0b2, 9.4.0b3, 9.4.0b4, 9.4.0rc1
BIND 9.5.0a1 (Bind Forum only)
It is possible for the named to dereference (read) a freed
fetch context. This can cause named to exit unintentionally.
Disable / restrict recursion (to limit exposure).
Upgrade to BIND 9.2.8, BIND 9.3.4 or BIND 9.4.0rc2.
Additionally this will be fixed in the upcoming BIND 9.5.0a2.
- Prev by Date: makit news/blog poster <=v3(news_page.asp) Remote SQL Injection Vulnerability
- Next by Date: Aztek Forum 4.1 Multiple Vulnerabilities Exploit
- Previous by thread: makit news/blog poster <=v3(news_page.asp) Remote SQL Injection Vulnerability
- Next by thread: Aztek Forum 4.1 Multiple Vulnerabilities Exploit