oss-sec mailing list archives
Re: debian bug report on bind9 DoS
From: Robert Buchholz <rbu () gentoo org>
Date: Wed, 29 Jul 2009 00:04:36 +0200
On Tuesday 28 July 2009, Vincent Danen wrote:
> I don't think it's a huge problem with a well-secured bind9 configuration, but could be quite problematic for bind configs that allow updates without an RNDC key (typical of some dynamic DNS implementations), or on a system that has lax enough permissions that the RNDC key is exposed.
The crash is not limited to configurations that allow updates. The ISC advisory states so as well, and I could reproduce the DoS on a static named instance by removing the "$packet->sign_tsig(...)" line in the exploit. So the scope of this issue is wider than apparent from the original report.

Robert