#1174 closed defect (fixed)
bind 9.3.0 remote vulnerability
| Reported by: | Owned by: | Randy McMurchy | |
|---|---|---|---|
| Priority: | highest | Milestone: | |
| Component: | BOOK | Version: | SVN |
| Severity: | major | Keywords: | |
| Cc: |
Description
In bind 9.3.0 theres a vulnerability that causes an remote attacker to exit the daemon. ISC has released version 9.3.1. A patch against 9.3.0 is also available. As a workaround turn of dnssec validation with:
"dnssec-enable no;"
Note: This bug has only low severity as by default dnssec validation is off by default.
Change History (5)
comment:1 by , 19 years ago
| Milestone: | future → 6.0 |
|---|---|
| Priority: | high → highest |
| Severity: | normal → major |
comment:2 by , 19 years ago
| Owner: | changed from to |
|---|
comment:3 by , 19 years ago
| Status: | new → assigned |
|---|
comment:4 by , 19 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Added ISC patch to Bind instructions
Note:
See TracTickets
for help on using tickets.
Here's a link to the patch. It should be added to BLFS ASAP.
ftp://ftp.isc.org/isc/bind9/9.3.0/9.3.0-patch1