oss-sec mailing list archives
Re: debian bug report on bind9 DoS
From: Solar Designer <solar () openwall com>
Date: Wed, 29 Jul 2009 17:15:09 +0400
Just in case anyone cares to have another confirmation: On Wed, Jul 29, 2009 at 12:04:36AM +0200, Robert Buchholz wrote:
The crash is not limited to configurations that allow updates. The ISC advisory states so as well, and I could reproduce the DoS on a static named instance by removing the "$packet->sign_tsig(...)" line in the exploit.
Confirmed on 9.3.5-P2 (removing the "$packet->sign_tsig(...)" line from the exploit as above) with whatever patches we happened to have until this latest fix. Alexander
Current thread:
- debian bug report on bind9 DoS Vincent Danen (Jul 28)
- Re: debian bug report on bind9 DoS Thijs Kinkhorst (Jul 28)
- Re: debian bug report on bind9 DoS Vincent Danen (Jul 28)
- Re: debian bug report on bind9 DoS Robert Buchholz (Jul 28)
- Re: debian bug report on bind9 DoS Nico Golde (Jul 29)
- Re: debian bug report on bind9 DoS Solar Designer (Jul 29)
- Re: debian bug report on bind9 DoS Solar Designer (Jul 29)
- Re: debian bug report on bind9 DoS Thijs Kinkhorst (Jul 28)