|
Message-Id: <200907290004.38759.rbu@gentoo.org>
Date: Wed, 29 Jul 2009 00:04:36 +0200
From: Robert Buchholz <rbu@...too.org>
To: oss-security@...ts.openwall.com
Cc: Vincent Danen <vdanen@...hat.com>
Subject: Re: debian bug report on bind9 DoS
On Tuesday 28 July 2009, Vincent Danen wrote:
> I don't think
> it's a huge problem with a well-secured bind9 configuration, but
> could be quite problematic for bind config's that allow updates
> without an RNDC key (typical of some dynamic DNS implementations), or
> on a system that has lax enough permissions that the RNDC key is
> exposed.
The crash is not limited to configurations that allow updates.
The ISC advisory states so as well, and I could reproduce the DoS on a
static named instance by removing the "$packet->sign_tsig(...)" line in
the exploit.
So the scope of this issue is wider than apparent from the original
report.
Robert
Download attachment "signature.asc " of type "application/pgp-signature" (837 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.