oss-sec mailing list archives

Re: debian bug report on bind9 DoS

From: Solar Designer <solar () openwall com>
Date: Wed, 29 Jul 2009 17:15:09 +0400

Just in case anyone cares to have another confirmation:

On Wed, Jul 29, 2009 at 12:04:36AM +0200, Robert Buchholz wrote:

The crash is not limited to configurations that allow updates.
The ISC advisory states so as well, and I could reproduce the DoS on a 
static named instance by removing the "$packet->sign_tsig(...)" line in 
the exploit.


Confirmed on 9.3.5-P2 (removing the "$packet->sign_tsig(...)" line from
the exploit as above) with whatever patches we happened to have until
this latest fix.

Alexander

Current thread:

debian bug report on bind9 DoS Vincent Danen (Jul 28)
- Re: debian bug report on bind9 DoS Thijs Kinkhorst (Jul 28)
  - Re: debian bug report on bind9 DoS Vincent Danen (Jul 28)
- Re: debian bug report on bind9 DoS Robert Buchholz (Jul 28)
  - Re: debian bug report on bind9 DoS Nico Golde (Jul 29)
  - Re: debian bug report on bind9 DoS Solar Designer (Jul 29)
    - Re: debian bug report on bind9 DoS Solar Designer (Jul 29)