Bind 8.2.3 dies....

Mark.Andrews at nominum.com Mark.Andrews at nominum.com
Thu Mar 15 22:09:06 UTC 2001


	Look at Versions affected, "and all 8.2.3-betas".

	Also please please please when you put a version in the subject
	make it complete.

	Mark

	http://www.isc.org/products/BIND/bind-security.html

Name: "tsig bug"

Versions affected:
	8.2, 8.2-P1, 8.2.1, 8.2.2-P1, 8.2.2-P2, 8.2.2-P3, 8.2.2-P4,
	8.2.2-P5, 8.2.2-P6, 8.2.2-P7, and all 8.2.3-betas
Severity: CRITICAL
Exploitable: Remotely
Type: Access possible.
Description:
	 It is possible to overflow a buffer handling TSIG signed
	 queries, thereby obtaining access to the system.
Workarounds: None. 
Active Exploits: Exploits for this bug exist. 

	Mark
> 
>         All,
> 
>         Been having a problem with bind 8.2.3-T6B dying with either sig 10
> or 11 at random
> times. Not sure if this version is affected by the CERT advisory or not
> though. (Did not think
> it was) any ideas on this? I'm not planning a migration to bind 9.1.1 until
> things stabilize with it,
> so I need options on fixing this.
> 
> Michael "Roadancer" Shoupe
> Network Security Manager
> PSINet Hosting Services
> 703-456-7666
> roadie at psi.com
> 
> 
--
Mark Andrews, Nominum Inc.
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at nominum.com


More information about the bind-users mailing list