Security Incidents mailing list archives
BIND 8.2.X
From: frank boldewin <frank.boldewin () GMX DE>
Date: Mon, 29 Jan 2001 20:54:51 +0100
SOURCE : http://www.isc.org/products/BIND/bind-security.html

BIND Vulnerabilities

ISC has discovered or has been notified of several bugs which can result in vulnerabilities of varying levels of severity in BIND as distributed by ISC. Upgrading to BIND version 9.1 is strongly recommended. If that is not possible for your site, upgrading at least to BIND version 8.2.3 is imperative.

BIND 9.1.0
PGP Signature for BIND 9.1.0
BIND 8.2.3 source package (1.3M)
PGP signature for bind-src.tar.gz
BIND 8.2.3 documentation (1.3M)
PGP signature for bind-doc.tar.gz
BIND 8.2.3 contrib packages (875K)
PGP signature for bind-contrib.tar.gz

--------------------------------------------------------------------------------
Name: "tsig bug"
Versions affected: 8.2, 8.2-P1, 8.2.1, 8.2.2-P1, 8.2.2-P2, 8.2.2-P3, 8.2.2-P4, 8.2.2-P5, 8.2.2-P6, 8.2.2-P7, and all 8.2.3-betas
Severity: CRITICAL
Exploitable: Remotely
Type: Access possible.
Description: It is possible to overflow a buffer handling TSIG signed queries, thereby obtaining access to the system.
Workarounds: None.
Active Exploits: Exploits for this bug exist.

--------------------------------------------------------------------------------
Name: "infoleak"
Versions affected: 4.8, 4.8.3, 4.9.3, 4.9.4, 4.9.5, 4.9.5-P1, 4.9.6, 4.9.7, 8.1, 8.1.1, 8.2, 8.2-P1, 8.2.1, 8.2.2-P1, 8.2.2-P2, 8.2.2-P3, 8.2.2-P4, 8.2.2-P5, 8.2.2-P6, 8.2.2-P7, possibly earlier versions of BIND 4.9.x and BIND 4.9
Severity: MODERATE
Exploitable: Remotely
Type: Information leak.
Description: It is possible to construct an inverse query that allows the stack to be read remotely exposing environment variables.
Workarounds: None.
Active Exploits: Exploits for this bug exist.

cheers
Frank Boldewin
Security Analyst
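Added example, not part of the original post or of ISC's advisory: a small Python classifier for raw DNS messages that flags the two request kinds the advisory names, inverse queries (opcode 1, RFC 1035) and TSIG-signed queries (RR type 250, RFC 2845), so that such traffic can be picked out of captures on servers that have not yet been upgraded. The function names and the sample messages are constructed for illustration.

```python
import struct

IQUERY = 1       # opcode for an inverse query (RFC 1035)
TYPE_TSIG = 250  # TSIG resource record type (RFC 2845)

def skip_name(msg, off):
    """Return the offset just past the domain name that starts at off."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:   # compression pointer, always 2 bytes
            return off + 2
        if length & 0xC0:
            raise ValueError("unknown label type")
        off += 1 + length

def classify(msg):
    """Return a set drawn from {'iquery', 'tsig', 'malformed'}."""
    flags = set()
    try:
        _id, bits, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
        is_query = not bits & 0x8000            # QR bit clear
        if is_query and (bits >> 11) & 0xF == IQUERY:
            flags.add("iquery")
        off = 12
        for _ in range(qd):                     # question: name, type, class
            off = skip_name(msg, off) + 4
        for _ in range(an + ns + ar):           # walk every resource record
            off = skip_name(msg, off)
            rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            if is_query and rtype == TYPE_TSIG:
                flags.add("tsig")
            off += 10 + rdlen
        if off > len(msg):                      # counts or lengths overrun the packet
            raise ValueError("truncated")
    except (struct.error, IndexError, ValueError):
        flags.add("malformed")
    return flags

# Constructed sample messages (not captured traffic; TSIG RDATA is a placeholder).
def header(bits, qd=0, an=0, ar=0):
    return struct.pack("!6H", 0x1234, bits, qd, an, 0, ar)
QUESTION = b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
PLAIN = header(0x0100, qd=1) + QUESTION
INVERSE = header(0x0800, an=1) + b"\x00" + struct.pack("!HHIH", 1, 1, 0, 4) + bytes(4)
SIGNED = (header(0x0100, qd=1, ar=1) + QUESTION + b"\x03key\x00"
          + struct.pack("!HHIH", 250, 255, 0, 4) + bytes(4))
```

TSIG-signed queries are legitimate where TSIG is configured, so the `tsig` flag is only a useful signal on servers that do not expect signed requests.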