ISC BIND TKEY Query Out-Of-Bounds Read Information Disclosure Vulnerability

Josef Moellers jmoellers at suse.de
Wed Jun 16 09:18:31 UTC 2021


Hi all,

On 10.06.21 11:43, Josef Moellers wrote:
> Hi,
> 
> Some time ago, this vulnerability was disclosed, but I cannot find any
> trace of the fix for this in the latest CHANGES file.
> 
> As I need to backport the fix to older versions, can anyone describe
> where and how this was fixed?

So far, I'm still stuck with this problem of backporting the fix.
I'm assuming that the information is not to be disclosed, so I'll try
and tackle it from a different angle:

How do I send a "TKEY Query" in the first place?

If I can do that, I can follow its path through the code and see where
it may hit any out-of-bounds problems.

Thanks in advance,

Josef
-- 
SUSE Software Solutions Germany GmbH
Maxfeldstr. 5
90409 Nürnberg
Germany

(HRB 36809, AG Nürnberg)
Geschäftsführer: Felix Imendörffer


More information about the bind-workers mailing list