NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > BIND Announce> 2005

Internet Systems Consortium Security Advisory: BIND: Buffer Overrun (q_usedns).

From: Mark Andrews (Mark_Andrewsisc.org)
Date: Tue Jan 25 2005 - 22:54:31 CST

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

                Internet Systems Consortium Security Advisory.
                        BIND: Buffer Overrun (q_usedns).
                             17 November 2004

        Versions affected:
                BIND 8.4.4 and 8.4.5
        Severity: LOW
        Exploitable: Remotely
        Type: denial of service
        Description:

                It is possible to overrun the q_usedns array which
                is used to track nameservers / addresses that have
                been queried.

Workaround:

Disable recursion and glue fetching.

Fix:

Upgrade to BIND 8.4.6
http://www.isc.org/sw/bind/

See also:
http://www.kb.cert.org/vuls/id/327633

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]