[dns-operations] Remote crash in Bind9 (in Debian)
Ondřej Surý
ondrej.sury at nic.cz
Wed Jul 29 07:34:11 UTC 2009
On Wed, Jul 29, 2009 at 7:19 AM, Stephane Bortzmeyer<bortzmeyer at nic.fr> wrote:
> On Tue, Jul 28, 2009 at 08:24:45PM +0000,
> Ond?ej Surı <ondrej.sury at nic.cz> wrote
> a message of 22 lines which said:
>
>> For all of you who are not aware, there is a way how to crash bind9
>> (in Debian?) via specially crafted packet:
>>
>> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538975
>
> The bug has been closed because a patched BIND is available in Debian
> "unstable" but there is still nothing for Debian "stable" so most
> production sites are still vulnerable :-(
>
> No advisory appear here:
>
> http://www.debian.org/security/
>
> :-(
Advisory came out just now :)
Ondrej
--
Ondrej Sury
technicky reditel/Chief Technical Officer
-----------------------------------------
CZ.NIC, z.s.p.o. -- .cz domain registry
Americka 23,120 00 Praha 2,Czech Republic
mailto:ondrej.sury at nic.cz http://nic.cz/
sip:ondrej.sury at nic.cz tel:+420.222745110
mob:+420.739013699 fax:+420.222745112
-----------------------------------------
More information about the dns-operations
mailing list