Opened 20 years ago

Closed 20 years ago

Last modified 16 years ago

#1174 closed defect (fixed)

bind 9.3.0 remote vulnerability

Reported by: Dan.Osterrath@… Owned by: Randy McMurchy
Priority: highest Milestone:
Component: BOOK Version: SVN
Severity: major Keywords:
Cc:

Description

In bind 9.3.0 theres a vulnerability that causes an remote attacker to exit the daemon. ISC has released version 9.3.1. A patch against 9.3.0 is also available. As a workaround turn of dnssec validation with:

"dnssec-enable no;"

Note: This bug has only low severity as by default dnssec validation is off by default.

Change History (5)

comment:1 by Randy McMurchy, 20 years ago

Milestone: future6.0
Priority: highhighest
Severity: normalmajor

Here's a link to the patch. It should be added to BLFS ASAP.

ftp://ftp.isc.org/isc/bind9/9.3.0/9.3.0-patch1

comment:2 by Randy McMurchy, 20 years ago

Owner: changed from blfs-book@… to Randy McMurchy

comment:3 by Randy McMurchy, 20 years ago

Status: newassigned

comment:4 by Randy McMurchy, 20 years ago

Resolution: fixed
Status: assignedclosed

Added ISC patch to Bind instructions

comment:5 by (none), 16 years ago

Milestone: 6.0

Milestone 6.0 deleted

Note: See TracTickets for help on using tickets.