Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20090729131509.GA28862@openwall.com>
Date: Wed, 29 Jul 2009 17:15:09 +0400
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Subject: Re: debian bug report on bind9 DoS

Just in case anyone cares to have another confirmation:

On Wed, Jul 29, 2009 at 12:04:36AM +0200, Robert Buchholz wrote:
> The crash is not limited to configurations that allow updates.
> The ISC advisory states so as well, and I could reproduce the DoS on a 
> static named instance by removing the "$packet->sign_tsig(...)" line in 
> the exploit.

Confirmed on 9.3.5-P2 (removing the "$packet->sign_tsig(...)" line from
the exploit as above) with whatever patches we happened to have until
this latest fix.

Alexander

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.