[CentOS] BIND vulnerability

Wed Jul 29 16:59:01 UTC 2009
David Hrbáč <hrbac.conf at seznam.cz>

RedShift wrote:
> According to a commenter, this should provide a temporary countermeasure:
> iptables -A INPUT -p udp --dport 53 -j DROP -m u32 --u32 '30>>27&0xF=5'
> Haven't tested it, would like to know the results...

Well, good point, but CentOS does not ship libipt_u32.so. Even more,
CentOS 4.x is now undergoing a rebuild process, so no updates, even
security updates, are being released. Which is something I can accept.

Those looking for a patched BIND for CentOS 4.x may use packages I have
built with the CVE-2009-0696 patch.

David Hrbáč
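
Added example, not part of the original thread: the u32 expression in the quoted rule reads the 32-bit word at byte offset 30 of the IP packet and keeps bits 30..27, which for a 20-byte IP header is the DNS opcode field, where 5 is UPDATE (RFC 2136). The Python below emulates that test on constructed packets; the function names and sample addresses are assumptions of this example.

```python
import struct

OPCODE_UPDATE = 5  # DNS opcode UPDATE (RFC 2136), the value the rule tests for

def u32_rule_matches(pkt: bytes) -> bool:
    """Emulate --u32 '30>>27&0xF=5': big-endian word at offset 30 from the
    start of the IP header, shifted right 27 bits, masked to 4 bits."""
    if len(pkt) < 34:
        return False  # the 4-byte read would run past the packet: no match
    (word,) = struct.unpack_from("!I", pkt, 30)
    return (word >> 27) & 0xF == OPCODE_UPDATE

def dns_opcode(pkt: bytes):
    """Find the DNS flags via the real IP header length; None if not UDP."""
    ihl = (pkt[0] & 0x0F) * 4
    flags_off = ihl + 8 + 2          # UDP header is 8 bytes, DNS ID is 2
    if pkt[9] != 17 or len(pkt) < flags_off + 2:
        return None
    (flags,) = struct.unpack_from("!H", pkt, flags_off)
    return (flags >> 11) & 0xF       # QR is bit 15, opcode is bits 14..11

def build_packet(opcode: int, ip_options: bytes = b"") -> bytes:
    """Constructed sample: IPv4 + UDP to port 53 + bare 12-byte DNS header.
    Addresses are documentation ranges; checksums are left at zero."""
    if len(ip_options) % 4:
        raise ValueError("IP options must be padded to 4 bytes")
    ihl_words = 5 + len(ip_options) // 4
    dns = struct.pack("!6H", 0x1234, opcode << 11, 1, 0, 0, 0)
    udp = struct.pack("!4H", 40000, 53, 8 + len(dns), 0)
    total = ihl_words * 4 + len(udp) + len(dns)
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl_words, 0, total, 0, 0, 64,
                     17, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 53]))
    return ip + ip_options + udp + dns

if __name__ == "__main__":
    for label, pkt in [("query", build_packet(0)),
                       ("update", build_packet(OPCODE_UPDATE)),
                       ("update + 4 bytes of IP options",
                        build_packet(OPCODE_UPDATE, b"\x01" * 4))]:
        print(f"{label}: opcode={dns_opcode(pkt)} rule_drops={u32_rule_matches(pkt)}")
```

Offset 30 is the DNS flags field only when the IP header is exactly 20 bytes, which is what the third sample shows; the rule is a stopgap and the patched BIND packages remain the actual fix.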