[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Internet Systems Consortium Security Advisory: BIND: Buffer Overrun (q_usedns).



		Internet Systems Consortium Security Advisory.
			BIND: Buffer Overrun (q_usedns).
			     17 November 2004

        Versions affected:
                BIND 8.4.4 and 8.4.5
        Severity: LOW
        Exploitable: Remotely
        Type: denial of service
	Description:

		It is possible to overrun the q_usedns array which
		is used to track nameservers / addresses that have
		been queried.

	Workaround:

		Disable recursion and glue fetching.

	Fix:

		Upgrade to BIND 8.4.6
		http://www.isc.org/sw/bind/

	See also:
		http://www.kb.cert.org/vuls/id/327633