oss-sec mailing list archives
Re: CVE Request -- Unbound v1.4.3 -- 64 bit platforms specific remote DoS
From: Vincent Danen <vdanen () redhat com>
Date: Tue, 16 Mar 2010 14:13:09 -0600
* [2010-03-16 21:08:27 +0100] Tomas Hoger wrote:
> On Tue, 16 Mar 2010 11:56:31 -0600 Vincent Danen <vdanen () redhat com> wrote:
>
> > > Unbound upstream has released latest, v1.4.3 version:
> > > [1] http://www.unbound.net/download.html
> > >
> > > addressing one denial of service issue, specific to 64 bit
> > > platforms.
> > >
> > > References:
> > > [2] http://bugs.gentoo.org/show_bug.cgi?id=309117
> > >
> > > Could you allocate CVE id for it?
> >
> > Please use CVE-2010-0735 for this issue.
>
> This just got CVE-2010-0969 from Mitre:
>
> Unbound before 1.4.3 does not properly align structures on 64-bit
> platforms, which allows remote attackers to cause a denial of service
> (daemon crash) via unspecified vectors.

Oh ouch. Yeah, I see it now. Talk about poor timing.

Please do _not_ use CVE-2010-0735 for this issue, but use CVE-2010-0969 instead.

Thanks, Tomas.

--
Vincent Danen / Red Hat Security Response Team