subject:"About CVE\-2015\-5477 \(An error in handling TKEY queries can cause named to exit with a REQUIRE assertion failure\)"

Re: About CVE-2015-5477 (An error in handling TKEY queries can cause named to exit with a REQUIRE assertion failure)

2015-07-28 Thread /dev/rob0

On Tue, Jul 28, 2015 at 07:06:16PM -0400, Ben Croswell wrote: Is it safe to say the only vulnerable hosts would be those accepting queries from the outside world, or would this also pertain servers getting responses from the outside world with no inbound queries? I would ask where does the

Re: About CVE-2015-5477 (An error in handling TKEY queries can cause named to exit with a REQUIRE assertion failure)

2015-07-28 Thread Ben Croswell

Is it safe to say the only vulnerable hosts would be those accepting queries from the outside world, or would this also pertain servers getting responses from the outside world with no inbound queries? On Jul 28, 2015 5:42 PM, Michael McNally mcna...@isc.org wrote: As the security incident

About CVE-2015-5477 (An error in handling TKEY queries can cause named to exit with a REQUIRE assertion failure)

2015-07-28 Thread Michael McNally

As the security incident manager for this particular vulnerability notification, I'd like to say a little extra, beyond our official vulnerability disclosure (https://kb.isc.org/article/AA-01272) about this critical defect in BIND. Many of our bugs are limited in scope or affect only users having