Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 29 Jul 2009 00:04:36 +0200
From: Robert Buchholz <>
Cc: Vincent Danen <>
Subject: Re: debian bug report on bind9 DoS

On Tuesday 28 July 2009, Vincent Danen wrote:
> I don't think
> it's a huge problem with a well-secured bind9 configuration, but
> could be quite problematic for bind config's that allow updates
> without an RNDC key (typical of some dynamic DNS implementations), or
> on a system that has lax enough permissions that the RNDC key is
> exposed.

The crash is not limited to configurations that allow updates.
The ISC advisory states so as well, and I could reproduce the DoS on a 
static named instance by removing the "$packet->sign_tsig(...)" line in 
the exploit.
So the scope of this issue is wider than apparent from the original 


Download attachment "signature.asc " of type "application/pgp-signature" (837 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.