Red Hat Inc. Information for VU#581682
ISC BIND 8 fails to properly dereference cache SIG RR elements with invalid expiry times from the internal database
- Vendor Information Help Date Notified: 12 Nov 2002
- Statement Date:
- Date Updated: 13 Nov 2002
Older releases (6.2, 7.0) of Red Hat Linux shipped with versions of BIND which may be vulnerable to these issues however a Red Hat security advisory in July 2002 upgraded all our supported distributions to BIND 9.2.1 which is not vulnerable to these issues.
All users who have BIND installed should ensure that they are running these updated versions of BIND.
http://rhn.redhat.com/errata/RHSA-2002-133.html Red Hat Linux
http://rhn.redhat.com/errata/RHSA-2002-119.html Advanced Server 2.1
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.