Re: [CentOS] BIND vulnerability

29 Jul 2009


      Kenneth Porter wrote:
...
Slashdot carried this story yesterday on a BIND vulnerability:
http://it.slashdot.org/story/09/07/29/0028231/New-DoS-Vulnerability-In-All-Versions-of-BIND-9
According to a commenter, this should provide a temporary countermeasure:
iptables -A INPUT -p udp --dport 53 -j DROP -m u32 --u32 '30>>27&0xF=5'
Haven't tested it, would like to know the results...
Glenn
...
The upstream report:
https://www.isc.org/node/474
Red Hat's Bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=514292
...
From what I'm reading, if one has an Internet-facing master for a zone, one
is vulnerable, even if dynamic DNS isn't being used.
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Re: [CentOS] BIND vulnerability