[CentOS] BIND vulnerability

Wed Jul 29 16:36:20 UTC 2009
RedShift <redshift at pandora.be>

Kenneth Porter wrote:
> Slashdot carried this story yesterday on a BIND vulnerability:
> 
> <http://it.slashdot.org/story/09/07/29/0028231/New-DoS-Vulnerability-In-All-Versions-of-BIND-9>
> 

According to a commenter, this should provide a temporary countermeasure:

iptables -A INPUT -p udp --dport 53 -j DROP -m u32 --u32 '30>>27&0xF=5'

Haven't tested it, would like to know the results...


Glenn



> The upstream report:
> 
> <https://www.isc.org/node/474>
> 
> Red Hat's Bugzilla:
> 
> <https://bugzilla.redhat.com/show_bug.cgi?id=514292>
> 
>>From what I'm reading, if one has an Internet-facing master for a zone, one 
> is vulnerable, even if dynamic DNS isn't being used.
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
> 
>