Your message dated Sat, 15 Mar 2008 09:44:19 -0600
with message-id <[EMAIL PROTECTED]>
and subject line Re: Bug#408432: BIND remote exploit
has caused the Debian Bug report #408432,
regarding BIND remote exploit
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
408432: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=408432
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: bind9
Version: 9.2.4-1sarge1 9.3.2-P1.0-1 9.3.3-1 9.4.0~rc1.0-3
Tags: security
Severity: grave
Hello
They say "severity low" but if someone causes all nameservers
of my internet provider to "exit unintentionally" continuously,
I guess that becomes a pretty big problem :-)
bye,
-christian-
> ----- "Mark Andrews" <[EMAIL PROTECTED]> wrote:
> > Internet Systems Consortium Security Advisory.
> > BIND 9: dereferencing freed fetch context
> > 12 January 2007
> >
> > Versions affected:
> >
> > BIND 9.3.0, 9.3.1, 9.3.2, 9.3.3
> > BIND 9.4.0a1, 9.4.0a2, 9.4.0a3, 9.4.0a4, 9.4.0a5, 9.4.0a6, 9.4.0b1
> > 9.4.0b2, 9.4.0b3, 9.4.0b4, 9.4.0rc1
> > BIND 9.5.0a1 (Bind Forum only)
> >
> > Severity: Low
> > Exploitable: Remotely
> >
> > Description:
> >
> > It is possible for the named to dereference (read) a freed
> > fetch context. This can cause named to exit unintentionally.
> >
> > Workaround:
> >
> > Disable / restrict recursion (to limit exposure).
> >
> > Fix:
> >
> > Upgrade to BIND 9.2.8, BIND 9.3.4 or BIND 9.4.0rc2.
> > Additionally this will be fixed in the upcoming BIND 9.5.0a2.
--- End Message ---
--- Begin Message ---
Version: 1:9.3.4-2
lamont
--- End Message ---
