SecurityFocus

BIND 9.2.2 Vulnerabilities? Mar 04 2003 07:04PM
John (bugtraq doomsday com) (2 replies)

Re: BIND 9.2.2 Vulnerabilities? Mar 04 2003 09:26PM
David Kennedy CISSP (david kennedy acm org) (1 replies)

Re: BIND 9.2.2 Vulnerabilities? Mar 05 2003 08:43AM
Gerhard den Hollander (gerhard jasongeo com) (1 replies)

Re: BIND 9.2.2 Vulnerabilities? Mar 05 2003 09:46PM
John (bugtraq doomsday com) (1 replies)

Re: BIND 9.2.2 Vulnerabilities? Mar 06 2003 05:43PM
Scott Wunsch (bugtraq tracking wunsch org)

On Wed, 05-Mar-2003 at 15:46:41 -0600, John wrote:

> That was really what I was trying to get at. If there are vulnerabilities
> I don't think that they are being discussed in a manner that brings this
> to the attention of those of us who are running 9.2.1. It seems that the
> announcement was rather low-key and I stumbled across this information on
> the website almost by mistake.

I'm rather puzzled by it too :-). Some days before before the 9.2.2
release, my 9.2.1 nameserver was getting repeatedly killed (with an
assertion failure) by a stream of DNS queries over TCP from one of our
users. Every time I restarted it, it would die again within a few seconds.
We "solved" the problem by blocking traffic from the customer who was
generating all the TCP queries.

I reported this to ISC, and was informed that this was fixed in 9.2.2rc1
(but my request for more details was ignored).

So, if nothing else, I consider 9.2.2 to be a fix for a denial of service
problem.

--
Take care,
Scott \\'unsch

... Write all complaints in this box (in triplicate): [] Thank You!

[ reply ]

Re: BIND 9.2.2 Vulnerabilities? Mar 04 2003 08:36PM
Albert Sunseri (sunseri abpi net)