현재 위치

›› Forums ›› 이슈 ›› 뉴스, 새소식

BIND 일부버전에서 DoS 취약성 발견

까나리의 이미지
글쓴이: 까나리 / 작성시간: 화, 2005/02/01 - 12:27오후

BIND 8.4.4 와 8.4.5 는 8.4.6 으로
BIND 9.3.0 은 9.3.1 로 업그레이드 하시기 바랍니다.

출처 : http://www.isc.org/index.pl?/sw/bind/bind-security.php

Quote:
Name: "BIND: Self Check Failing
[Added 2005.25.01]
Versions affected: BIND 9.3.0
Severity: LOW
Exploitable: Remotely
Type: Denial of Service
Description:

An incorrect assumption in the validator (authvalidated) can result in a REQUIRE (internal consistancy) test failing and named exiting.

Workarounds:

Turn off dnssec validation (off by default) at the options/view level.

dnssec-enable no;

Active Exploits:

None known

Fix:

Upgrade to BIND 9.3.1
http://www.isc.org/sw/bind/

Name: "BIND:
[Added 2005.25.01]
Versions affected: BIND 8.4.4 and 8.4.5 *only*
Severity: LOW
Exploitable: Remotely
Type: Denial of Service
Description:

It is possible to overrun the q_usedns array which is used to track nameservers / addresses that have been queried.

Workarounds:

Disable recursion and glue fetching.

Active Exploits:

None known

Fix:

Upgrade to BIND 8.4.6
http://www.isc.org/sw/bind/

Forums: 
뉴스, 새소식

둘러보기