Jan Kundrát wrote:
Michael Mansour wrote:
Is this something real and to be concerned about?
Yes, it crashed our named instance running on a freshly updated SL5.2.
For reference, exploit is available from the Debian bugtracker [1]. Note
that the iptables snippet won't work on SL because it doesn't have the
u32 iptables module.
Cheers,
-jkt
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538975
For those interested, an upstream bug together with a patch is available
here:
https://bugzilla.redhat.com/show_bug.cgi?id=514292
