Confused about CVE-2013-2266
Red Cricket
red.cricket.blog at gmail.com
Thu Apr 4 19:45:32 UTC 2013
Hi,
I am sorry for being so dense but I am confused about what to do about
protecting my BIND DNS servers running 9.9.1-P4 from the regex issue.
The link https://kb.isc.org/article/AA-00871 says this ...
Impact:
... Intentional exploitation of this condition can cause denial of service
in all authoritative and recursive nameservers running affected versions of
BIND 9 [all versions of BIND 9.7, BIND 9.8.0 through 9.8.5b1 (inclusive)
and BIND9.9.0 through BIND 9.9.3b1 (inclusive)].
OK ... I run 9.9.1-P4 so my DNS server could be affected by this issue.
But later on in the link it says ...
Solution:
Compile BIND 9 without regular expression support as described in the
"Workarounds" section of this advisory or upgrade to the patched release
most closely related to your current version of BIND. These can be
downloaded from http://www.isc.org/downloads/all.
* BIND 9 version 9.9.2-P2
But its 9.9.2-P2 with in BIND9.9.0 through BIND 9.9.3b1? So is 9.9.2-P2
also affected? If I build from the 9.9.2-P2 tarball do I need to patch the
config.h as discussed in the "Workarounds" section?
Thanks
Red
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20130404/2c8107b5/attachment-0001.html>
More information about the bind-users
mailing list