Full Disclosure mailing list archives
Multiple Remote Vulnerabilities in BIND4 and BIND8 (fwd)
From: Mike Tone <simpletone () mbox com au>
Date: Wed, 13 Nov 2002 09:30:05 +1100
for those oblivious to the outside world ... - - - - - - The vulnerabilities described in this advisory affect nearly all currently deployed recursive DNS servers on the Internet. The DNS network is considered a critical component of Internet infrastructure. There is no information implying that these exploits are known to the computer underground, and there are no reports of active attacks. If exploits for these vulnerabilities are developed and made public, they may lead to compromise and DoS attacks against vulnerable DNS servers. Since the vulnerability is widespread, an Internet worm may be developed to propagate by exploiting the flaws in BIND. Widespread attacks against the DNS system may lead to general instability and inaccuracy of DNS data. Affected Versions: BIND SIG Cached RR Overflow Vulnerability BIND 8, versions up to and including 8.3.3-REL BIND 4, versions up to and including 4.9.10-REL BIND OPT DoS BIND 8, versions 8.3.0 up to and including 8.3.3-REL BIND SIG Expiry Time DoS BIND 8, versions up to and including 8.3.3-REL For the complete ISS X-Force Security Advisory, please visit: http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469 --------------------------------------------------------------------- NEW to mBox, receive faxes to any email address! Find out more http://www.mbox.com.au/fax _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Multiple Remote Vulnerabilities in BIND4 and BIND8 (fwd) Mike Tone (Nov 12)