From a24567fbc43f221b14e805f9bc0b7c6d16911c46 Mon Sep 17 00:00:00 2001 From: Alex Legler Date: Sun, 8 Mar 2015 22:02:38 +0100 Subject: Import existing advisories --- glsa-200609-11.xml | 81 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 81 insertions(+) create mode 100644 glsa-200609-11.xml (limited to 'glsa-200609-11.xml') diff --git a/glsa-200609-11.xml b/glsa-200609-11.xml new file mode 100644 index 00000000..df5d9fd0 --- /dev/null +++ b/glsa-200609-11.xml @@ -0,0 +1,81 @@ + + + + + + + BIND: Denial of Service + + ISC BIND contains two vulnerabilities allowing a Denial of Service under + certain conditions. + + bind + September 15, 2006 + September 15, 2006: 01 + 146486 + remote + + + 9.3.2-r4 + 9.2.6-r4 + 9.3.2-r4 + + + +

+ ISC BIND is the Internet Systems Consortium implementation of the + Domain Name System (DNS) protocol. +

+
+ +

+ Queries for SIG records will cause an assertion error if more than one + SIG RRset is returned. Additionally, an INSIST failure can be triggered + by sending multiple recursive queries if the response to the query + arrives after all the clients looking for the response have left the + recursion queue. +

+
+ +

+ An attacker having access to a recursive server can crash the server by + querying the SIG records where there are multiple SIG RRsets, or by + sending many recursive queries in a short time. The exposure can be + lowered by restricting the clients that can ask for recursion. An + attacker can also crash an authoritative server serving a DNSSEC zone + in which there are multiple SIG RRsets. +

+
+ +

+ There are no known workarounds at this time. +

+
+ +

+ All BIND 9.3 users should update to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-dns/bind-9.3.2-r4" +

+ All BIND 9.2 users should update to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-dns/bind-9.2.6-r4" +
+ + CVE-2006-4095 + CVE-2006-4096 + + + falco + + + falco + + + jaervosz + +
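Review bot: The workaround section's "There are no known workarounds at this time" conflicts with the impact section above it, which says "The exposure can be lowered by restricting the clients that can ask for recursion". Suggest having the workaround text name restricting recursion as a partial mitigation for the recursive-server case. It should also say that this does not help the authoritative server serving a DNSSEC zone with multiple SIG RRsets, which the last sentence of the impact section describes. Because this commit is an import of existing advisories, a follow-up revision of the advisory (currently "September 15, 2006: 01") may be the better place for that change than this import.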
-- cgit v1.2.3-65-gdbad