oss-sec mailing list archives
Re: CVE-2011-4313: BIND 9 Resolver crashes after logging an error in query.c
From: Vincent Danen <vdanen () redhat com>
Date: Thu, 17 Nov 2011 10:13:41 -0700
* [2011-11-17 02:40:28 +0000] The Fungi wrote:
On 2011-11-16 23:43:25 +0400 (+0400), Solar Designer wrote: [...]Does anyone readily know if BIND 9.3.x is affected as well?[...] While obviously not conclusive, I can say that our 9.3.4-P1.2 resolvers were not impacted and ran clean through while our 9.5.1-P3 and 9.6-ESV-R4 resolvers crashed and had to be restarted several times overnight.
Our bind maintainer believes that 9.3.6 is affected (but possibly harder to exploit or via a different vector). However, he does not believe that 9.2.x and earlier are affected due to the old DNSSEC implementation (so 9.2.x wouldn't understand current DNSSEC signatures so would not cache them). Some further details can be found in our bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4313 -- Vincent Danen / Red Hat Security Response Team
Current thread:
- CVE-2011-4313: BIND 9 Resolver crashes after logging an error in query.c Solar Designer (Nov 16)
- Re: CVE-2011-4313: BIND 9 Resolver crashes after logging an error in query.c Solar Designer (Nov 16)
- Re: CVE-2011-4313: BIND 9 Resolver crashes after logging an error in query.c Solar Designer (Nov 16)
- Re: CVE-2011-4313: BIND 9 Resolver crashes after logging an error in query.c The Fungi (Nov 16)
- Re: CVE-2011-4313: BIND 9 Resolver crashes after logging an error in query.c Vincent Danen (Nov 17)
- Re: CVE-2011-4313: BIND 9 Resolver crashes after logging an error in query.c Solar Designer (Nov 17)
- Re: CVE-2011-4313: BIND 9 Resolver crashes after logging an error in query.c Solar Designer (Nov 17)
- Re: CVE-2011-4313: BIND 9 Resolver crashes after logging an error in query.c Vincent Danen (Nov 17)
- Re: CVE-2011-4313: BIND 9 Resolver crashes after logging an error in query.c Solar Designer (Nov 16)