Date:  Wed, 6 Sep 2006 04:16:11 +0200
From:  Michael Stauber <bq (at mark) solarspeed.net>
Subject:  [coba-e:06764] Re: BIND Exploitable: Remotely
To:  coba-e (at mark) bluequartz.org
Message-Id:  <200609060416.11880.bq (at mark) solarspeed.net>
In-Reply-To:  <200609060124.k861O6Vo022431 (at mark) k.ro>
References:  <200609060124.k861O6Vo022431 (at mark) k.ro>
X-Mail-Count: 06764

Hi Ji Do,

> Hi, I found this today in my mailbox:
>
>                 Internet Systems Consortium Security Advisory.
>                    BIND 9: Multiple DoS vulnerabilities
>                             5 September 2006
>
> Versions affected:
> 	BIND 9.3.0, BIND 9.3.1, BIND 9.3.2, BIND 9.3.3b1 and BIND 9.3.3rc1
> 	BIND 9.4.0a1, 9.4.0a2, 9.4.0a3, 9.4.0a4, 9.4.0a5, 9.4.0a6 and
> 	     9.4.0b1.
> 	See note for BIND 9.2.x
> Severity: HIGH
> Exploitable: Remotely
> Type: DoS

A fully patched CentOS + BlueQuartz should run bind-9.2.4-16.EL4 at the 
moment. http://www.niscc.gov.uk/niscc/docs/re-20060905-00590.pdf?lang=en 
states that "although ISC has not been able to replicate these 
vulnerabilities in BIND 9.2.x, a patch is provided nonetheless."

While the issue itself certainly is critical, it's not clear if a fully 
patched BlueQuartz is affected by the issue. I'm sure the CentOS maintainers 
will implement the pre-emptive patch soon and it should be available via YUM 
shortly.

-- 

With best regards,

Michael Stauber