[dns-operations] BIND Security Advisory

Stephane Bortzmeyer bortzmeyer at nic.fr
Wed Jul 29 10:08:22 UTC 2009

On Tue, Jul 28, 2009 at 06:21:22PM -0700,
 Peter Losher <plosher at isc.org> wrote 
 a message of 30 lines which said:

> "Testing indicates that the attack packet has to be formulated against a
> zone for which that machine is a master. Launching the attack against
> slave zones does not trigger the assert.

We tested that removing the zones which are typically there by
default, and in mode master (such as localhost and
0.0.127.in-addr.arpa) works fine: the published exploit no longer
works afterwards.

This can be an interim solution for those who don't have a clean
upgrade path (for instance, RHEL did not push the patch yet).
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20090729/1594f4dd/attachment.sig>

More information about the dns-operations mailing list