[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Internet Systems Consortium Security Advisory: BIND: Buffer Overrun (q_usedns).

To: bind-announce@xxxxxxx
Subject: Internet Systems Consortium Security Advisory: BIND: Buffer Overrun (q_usedns).
From: Mark Andrews <Mark_Andrews@xxxxxxx>
Date: Wed, 26 Jan 2005 15:54:31 +1100
List-id: <bind-announce.isc.org>
List-unsubscribe: <mailto:bind-announce-request@isc.org?Subject=unsubscribe>
Sender: bind-announce-bounce@xxxxxxx

		Internet Systems Consortium Security Advisory.
			BIND: Buffer Overrun (q_usedns).
			     17 November 2004

        Versions affected:
                BIND 8.4.4 and 8.4.5
        Severity: LOW
        Exploitable: Remotely
        Type: denial of service
	Description:

		It is possible to overrun the q_usedns array which
		is used to track nameservers / addresses that have
		been queried.

	Workaround:

		Disable recursion and glue fetching.

	Fix:

		Upgrade to BIND 8.4.6
		http://www.isc.org/sw/bind/

	See also:
		http://www.kb.cert.org/vuls/id/327633

Prev by Date: Internet Systems Consortium Security Advisory: BIND: Self Check Failing
Next by Date: Meeting reminder: umce.linux Wed 1/26/04 (Today) @ 3 pm
Previous by thread: Internet Systems Consortium Security Advisory: BIND: Self Check Failing
Next by thread: Meeting reminder: umce.linux Wed 1/26/04 (Today) @ 3 pm
Index(es):
- Date
- Thread