| |
|
|
ISC Information for VU#803539
Vendor StatementAll versions of BIND 4 from 4.8.1 prior to BIND 4.9.9 are vulnerable.All versions of BIND 8 prior to BIND 8.2.6 are vulnerable. ftp://ftp.isc.org/isc/bind/src/4.9.9/ ftp://ftp.isc.org/isc/bind/src/8.2.6/ ftp://ftp.isc.org/isc/bind/src/8.3.3/ ftp://ftp.isc.org/isc/bind/contrib/ntbind-8.3.3/ BIND 9 contains a copy of the BIND 8.3.x resolver library (lib/bind). This will be updated with the next BIND 9 releases (9.2.2/9.3.0) in the meantime please use the original in BIND 8.3.3. Vendors wishing additional patches should contact bind-bugs@isc.org. Query about BIND 4 and BIND 8 should be addressed to bind-bugs@isc.org. Query about BIND 9 should be addressed to bind9-bugs@isc.org. US-CERT AddendumThe resolver library included in BIND 9.2.0 and 9.2.1 is a copy of the vulnerable resolver library included with BIND 8.3.x. In BIND 9, the vulnerable 8.3.x resolver library (libbind) is not built or installed by default unless BIND 9 is configured with the "--enable-libbind" option. BIND 9.2.2 is not vulnerable since it includes the updated resolver library (libbind) from BIND 8.3.3.ISC has documented this issue on the BIND Vulnerabilities page of the ISC web site under the heading "libbind buffer overflow" and in a status update to the bind-announce mailing list.
If you have feedback, comments, or additional information about this vulnerability, please send us
email. |
 | |||||||||||||||||
 |
||||||||||||||||||||
