ALT Linux repositórios
S: | 9.16.44-alt1 |
5.0: | 9.3.6-alt5 |
4.1: | 9.3.6-alt4.M41.2 |
+updates: | 9.3.6-alt4.M41.1 |
4.0: | 9.3.6-alt4.M41.1 |
+updates: | 9.3.6-alt4.M41.1 |
3.0: | 9.2.4.rel-alt2 |
Group :: Sistema/Servidores
RPM: bind
Main Changelog Spec Patches Sources Download Gear Bugs e FR Repocop
Patch: bind-9.3.6-up-CVE-2009-0696.patch
Download
Download
CVE-2009-0696: By sending a specially-crafted dynamic update packet to a
BIND 9 server, a remote, unauthenticated attacker can cause a denial of
service by causing BIND to crash.
--- bind/bin/named/update.c
+++ bind/bin/named/update.c
@@ -863,7 +863,11 @@ temp_check(isc_mem_t *mctx, dns_diff_t *temp, dns_db_t *db,
if (type == dns_rdatatype_rrsig ||
type == dns_rdatatype_sig)
covers = dns_rdata_covers(&t->rdata);
- else
+ else if (type == dns_rdatatype_any) {
+ dns_db_detachnode(db, &node);
+ dns_diff_clear(&trash);
+ return (DNS_R_NXRRSET);
+ } else
covers = 0;
/*