Colin Percival wrote:
> Chuck Swiger wrote:
>> I've been bitten by CVE-2006-4096, and have applied the workaround to
>> limit the # of outstanding queries.  I've got two nameservers tracking
>> 5-STABLE which were vulnerable to CVE-2006-4095
>
> You realize that these two issues were addressed in FreeBSD-SA-06:20.bind
> on September 6th, right?

Yes-- although it's not entirely clear that the problem of named terminating when exposed to high query rates has been entirely fixed, which is why I mentioned the additional 2007 CVE and am using "adnslogres -c 50" rather than 200 or 1000.

% grep Id /usr/src/contrib/bind9/bin/named/query.c
/* $Id: query.c,v 1.198.2.13.4.43 2006/08/31 03:57:11 marka Exp $ */
% named -v
BIND 9.3.2
% head /etc/stable-supfile
*default host=cvsup9.FreeBSD.org
*default base=/usr
*default prefix=/usr
*default release=cvs tag=RELENG_5
*default delete use-rel-suffix

--
-Chuck