Internet Systems Consortium Security Advisory: BIND: Buffer Overrun (q_usedns).

Mark Andrews Mark_Andrews at isc.org
Wed Jan 26 04:54:31 UTC 2005


		Internet Systems Consortium Security Advisory.
			BIND: Buffer Overrun (q_usedns).
			     17 November 2004

        Versions affected:
                BIND 8.4.4 and 8.4.5
        Severity: LOW
        Exploitable: Remotely
        Type: denial of service
	Description:

		It is possible to overrun the q_usedns array which
		is used to track nameservers / addresses that have
		been queried.

	Workaround:

		Disable recursion and glue fetching.

	Fix:

		Upgrade to BIND 8.4.6
		http://www.isc.org/sw/bind/

	See also:
		http://www.kb.cert.org/vuls/id/327633



More information about the bind-announce mailing list