[dns-operations] BIND Security Advisory
Stephane Bortzmeyer
bortzmeyer at nic.fr
Wed Jul 29 10:08:22 UTC 2009
On Tue, Jul 28, 2009 at 06:21:22PM -0700,
Peter Losher <plosher at isc.org> wrote
a message of 30 lines which said:
> "Testing indicates that the attack packet has to be formulated against a
> zone for which that machine is a master. Launching the attack against
> slave zones does not trigger the assert.
We tested that removing the zones which are typically there by
default, and in mode master (such as localhost and
0.0.127.in-addr.arpa) works fine: the published exploit no longer
works afterwards.
This can be an interim solution for those who don't have a clean
upgrade path (for instance, RHEL did not push the patch yet).
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20090729/1594f4dd/attachment.sig>
More information about the dns-operations
mailing list