#1174 closed defect (fixed)
bind 9.3.0 remote vulnerability
Reported by: | Owned by: | Randy McMurchy | |
---|---|---|---|
Priority: | highest | Milestone: | |
Component: | BOOK | Version: | SVN |
Severity: | major | Keywords: | |
Cc: |
Description
In bind 9.3.0 theres a vulnerability that causes an remote attacker to exit the daemon. ISC has released version 9.3.1. A patch against 9.3.0 is also available. As a workaround turn of dnssec validation with:
"dnssec-enable no;"
Note: This bug has only low severity as by default dnssec validation is off by default.
Change History (5)
comment:1 by , 20 years ago
Milestone: | future → 6.0 |
---|---|
Priority: | high → highest |
Severity: | normal → major |
comment:2 by , 20 years ago
Owner: | changed from | to
---|
comment:3 by , 20 years ago
Status: | new → assigned |
---|
comment:4 by , 20 years ago
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
Added ISC patch to Bind instructions
Note:
See TracTickets
for help on using tickets.
Here's a link to the patch. It should be added to BLFS ASAP.
ftp://ftp.isc.org/isc/bind9/9.3.0/9.3.0-patch1