Does the CVE-2011-1910 vulnerability affect the BIND 9.7.0-P2?
Chris Thompson
cet1 at cam.ac.uk
Fri Jun 10 11:45:52 UTC 2011
On Jun 10 2011, Mark Andrews wrote:
>In message <201106100709.QAA04566 at osspc4.sra.co.jp>, YABUKI Youichi writes:
>> The BIND security advisory for CVE-2011-1910 does not mention
>> about versions 9.7.0, 9.7.0-P1 and 9.7.0-P2.
>> Does the CVE-2011-1910 vulnerability affect these versions?
>
>No, they are not affected.
Then the advice I got from someone else at ISC, that if
if (r.length < 2)
return (ISC_R_NOSPACE);
occurs c. line 188 in lib/dns/ncache.c (as opposed to "r.length < 3"),
then the version is vulnerable, was not complete? Because the 9.7.0*
versions certainly have that code.
--
Chris Thompson
Email: cet1 at cam.ac.uk
More information about the bind-users
mailing list