LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

The Android Dev Phone 1

LWN.net Weekly Edition for December 25, 2008

The Grumpy Editor's 2008 retrospective

The 2008 Linux and free software timeline

LWN.net Weekly Edition for December 18, 2008

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

OpenPKG alert OpenPKG-SA-2007.014 (bind)



From:
    	      OpenPKG GmbH <openpkg-noreply@openpkg.com>


To:
    	      openpkg-announce@openpkg.org


Subject:
    	      [OpenPKG-SA-2007.014] OpenPKG Security Advisory (bind)


Date:
    	      Thu, 17 May 2007 22:47:41 +0200


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

____________________________________________________________________________

Publisher Name:          OpenPKG GmbH
Publisher Home:          http://openpkg.com/

Advisory Id (public):    OpenPKG-SA-2007.014
Advisory Type:           OpenPKG Security Advisory (SA)
Advisory Directory:      http://openpkg.com/go/OpenPKG-SA
Advisory Document:       http://openpkg.com/go/OpenPKG-SA-2007.014
Advisory Published:      2007-05-17 22:47 UTC

Issue Id (internal):     OpenPKG-SI-20070517.03
Issue First Created:     2007-05-17
Issue Last Modified:     2007-05-17
Issue Revision:          05
____________________________________________________________________________

Subject Name:            bind
Subject Summary:         DNS Server
Subject Home:            http://www.isc.org/sw/bind/
Subject Versions:        9.4.* <= 9.4.0

Vulnerability Id:        CVE-2007-2241
Vulnerability Scope:     global (not OpenPKG specific)

Attack Feasibility:      run-time
Attack Vector:           remote network
Attack Impact:           denial of service

Description:
    As confirmed by the vendor [0], a vulnerability exists in the DNS
    server BIND [1], version 9.4 up to 9.4.1. A sequence of DNS queries
    can cause a recursive nameserver to exit and this way cause a Denial
    of Service (DoS). While it is unlikely these will occur in normal
    operation, an attack can use them to cause the affected versions to
    exit.

References:
    [0] http://www.isc.org/sw/bind/bind-security.php
    [1] http://www.isc.org/sw/bind/
    [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2241
____________________________________________________________________________

Primary Package Name:    bind
Primary Package Home:    http://openpkg.org/go/package/bind

Corrected Distribution:  Corrected Branch: Corrected Package:
OpenPKG Community        CURRENT           bind-9.4.1-20070501
____________________________________________________________________________

For security reasons, this document was digitally signed with the
OpenPGP public key of the OpenPKG GmbH (public key id 61B7AE34)
which you can download from http://openpkg.com/openpkg.com.pgp
or retrieve from the OpenPGP keyserver at hkp://pgp.openpkg.org/.
Follow the instructions at http://openpkg.com/security/signatures/
for more details on how to verify the integrity of this document.
____________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Comment: OpenPKG GmbH <http://openpkg.com/>

iD8DBQFGTL9oZwQuyWG3rjQRAqwHAKCraAIzFlc/KWzDSLkKLapCRQcxrACglrN9
TkwzSXUTo4CN3q+v/Ncaxyc=
=Q0qB
-----END PGP SIGNATURE-----
______________________________________________________________________
OpenPKG                                             http://openpkg.org
Announcement List                         openpkg-announce@openpkg.org
(Log in to post comments)

Copyright © 2009, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds