[linux-security] bind DoS vulnerability
- To: linux-security
- Subject: [linux-security] bind DoS vulnerability
- Date: Tue, 14 Nov 2000 15:19:24 -0800 (PST)
Synopsis
========
named is vulnerable to a denial of service (DoS) attack.
Problem Description
===================
A bug in bind 8.2.2_P5 allows for a denial of service attack.
If named is open to zone transfers and recursive resolving, it will crash
after a ZXFR for the authoritative zone and a query of a remote hostname.
Affected Systems
================
All Unix systems that act as a nameserver and run the named daemon.
Workaround
==========
Disabling zone transfers to non-trusted hosts by adding

    allow-transfer { trusted-hosts; };

to /etc/named.conf prevents the exploit from working on older releases;
however, this does not fix the problem.
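
To check where the workaround above is actually in effect, the following added example (not part of the original advisory) audits a named.conf for master and slave zones that still permit zone transfers from any host. The sample configuration, zone names and addresses are constructed, the parser is deliberately simplified, and it assumes named allows transfers from all hosts when no allow-transfer statement applies.

```python
import re

# Constructed sample named.conf, not taken from the advisory.
SAMPLE_CONF = '''
acl "trusted-hosts" { 192.0.2.53; 192.0.2.54; };  // secondary servers
options { directory "/var/named"; };  /* no global allow-transfer */
zone "example.com" { type master; file "example.com.db";
                     allow-transfer { trusted-hosts; }; };
zone "example.net" { type master; file "example.net.db"; };
zone "example.org" { type slave; masters { 192.0.2.1; };
                     allow-transfer { any; }; };
zone "." { type hint; file "named.ca"; };
'''

def strip_comments(text):
    # Simplification: does not protect '//' or '#' inside quoted strings.
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#).*', '', text)

def blocks(text, keyword):
    """Yield (name, body) for each `keyword ["name"] { ... }` statement."""
    pattern = r'(?m)^\s*%s\b\s*(?:"([^"]*)")?[^{;]*\{' % keyword
    for m in re.finditer(pattern, text):
        depth, i = 1, m.end()
        while depth and i < len(text):      # walk to the matching brace
            depth += {'{': 1, '}': -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]

def transfer_acl(body):
    """Return the allow-transfer elements in a block, or None if unset."""
    m = re.search(r'allow-transfer\s*\{([^}]*)\}', body)
    return None if m is None else [e.strip() for e in m.group(1).split(';') if e.strip()]

def audit(conf):
    """Map each authoritative zone that is open to transfers to a reason."""
    text = strip_comments(conf)
    opts = [body for _, body in blocks(text, 'options')]
    default = transfer_acl(opts[0]) if opts else None
    findings = {}
    for name, body in blocks(text, 'zone'):
        if not re.search(r'type\s+(master|slave)\s*;', body):
            continue                        # hint, stub and forward zones
        acl = transfer_acl(body)
        acl = default if acl is None else acl   # zone setting overrides options
        if acl is None:
            findings[name] = 'no allow-transfer in zone or options'
        elif 'any' in acl:
            findings[name] = 'allow-transfer includes any'
    return findings

if __name__ == '__main__':
    for zone, reason in sorted(audit(SAMPLE_CONF).items()):
        print(f'{zone}: {reason}')
```
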
Solution
========
Upgrade to bind-8.2.2-P7.

RedHat 6.x:

    rpm -Fvh bind-8.2.2_P7-0.6.2.i386.rpm bind-devel-8.2.2_P7-0.6.2.i386.rpm bind-utils-8.2.2_P7-0.6.2.i386.rpm

RedHat 7.0:

    rpm -Fvh bind-8.2.2_P7-1.i386.rpm bind-devel-8.2.2_P7-1.i386.rpm bind-utils-8.2.2_P7-1.i386.rpm