Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 17 Nov 2011 10:13:41 -0700
From: Vincent Danen <>
Subject: Re: CVE-2011-4313: BIND 9 Resolver crashes after
 logging an error in query.c

* [2011-11-17 02:40:28 +0000] The Fungi wrote:

>On 2011-11-16 23:43:25 +0400 (+0400), Solar Designer wrote:
>> Does anyone readily know if BIND 9.3.x is affected as well?
>While obviously not conclusive, I can say that our 9.3.4-P1.2
>resolvers were not impacted and ran clean through while our 9.5.1-P3
>and 9.6-ESV-R4 resolvers crashed and had to be restarted several
>times overnight.

Our bind maintainer believes that 9.3.6 is affected (but possibly harder
to exploit or via a different vector).

However, he does not believe that 9.2.x and earlier are affected due to
the old DNSSEC implementation (so 9.2.x wouldn't understand current
DNSSEC signatures so would not cache them).

Some further details can be found in our bug:

Vincent Danen / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.