tech-security archive


ISC BIND Amplification Attack



All:

  Do we want to take a position on the recently exploited DNS cache
  query/response amplification?

  NANOG Thread:
  http://www.merit.edu/mail.archives/nanog/msg14428.html

  NetBSD-4 has BIND 9.4.x which features 'additional-from-cache' and
  'allow-query-cache' configuration options.

  Since it's not a code issue, but a protocol/configuration issue with
  contrib/3rdparty code, I don't think an advisory is called for.  Also,
  major cross-brand merges of contrib/3rdparty code are not common.

  However, it's only a matter of time before someone labels this as a
  security vulnerability.

  Maybe just an official position that authoritative nameservers
  running 3.x and 2.x upgrade to BIND 9.5.x via Pkgsrc?

Version Summary:

 NetBSD-5: BIND 9.5.0-P2
 NetBSD-4: BIND 9.4.2-P2
 NetBSD-3: BIND 9.3.5-P1

~BAS
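
Added example, not part of the original message and not NetBSD's shipped configuration: a named.conf fragment for BIND 9.4 or later showing the two options named above, with an open setting beside a restricted one. The ACL name "trusted" and the 192.0.2.0/24 prefix are constructed placeholders.

```conf
// named.conf fragment for BIND 9.4 or later (constructed for illustration).

// Open setting, shown commented out: any source address may be answered
// from the cache, including queries whose source address is spoofed.
//
// options {
//     recursion yes;
//     allow-query-cache { any; };
// };

// Authoritative-only server: no recursion and no answers from the cache.
// additional-from-cache is only honoured together with "recursion no";
// named otherwise ignores it and logs a warning.
options {
    recursion no;
    allow-query-cache { none; };
    additional-from-cache no;
};

// Alternative for a server that must also resolve for its own clients
// (use this in place of the options block above, not alongside it):
//
// acl "trusted" { localhost; localnets; 192.0.2.0/24; };  // placeholder prefix
// options {
//     recursion yes;
//     allow-recursion   { "trusted"; };
//     allow-query-cache { "trusted"; };
// };
```

Running named-checkconf against the edited file before reloading named catches syntax errors.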

