Internet Systems Consortium Security Advisory: BIND: Buffer Overrun (q_usedns).

Mark Andrews Mark_Andrews at
Wed Jan 26 04:54:31 UTC 2005

		Internet Systems Consortium Security Advisory.
			BIND: Buffer Overrun (q_usedns).
			     17 November 2004

        Versions affected:
                BIND 8.4.4 and 8.4.5
        Severity: LOW
        Exploitable: Remotely
        Type: denial of service

		It is possible to overrun the q_usedns array which
		is used to track nameservers / addresses that have
		been queried.


		Disable recursion and glue fetching.


		Upgrade to BIND 8.4.6

	See also:

More information about the bind-announce mailing list