ISC Information for VU#308891

OpenSSL contains multiple buffer overflows in buffers that are used to hold ASCII representations of integers



Vendor Statement

ISC Vendor statememt.

BIND 4, BIND 8 and BIND 9.0.x are not vulnerable.

BIND 9.1.x ship with a copy of the vulnerable sections of OpenSSL crypto
library (obj_dat.c and asn1_lib.c).
Please upgrade to BIND 9.2.x and/or relink with a fixed version OpenSSL.
e.g. configure --with-openssl=/path/to/fixed/openssl
Vendors shipping product based on BIND 9.1 should contact

BIND 9.2.x is vulnerable if linked against a vulnerable library.  By default
BIND 9.2 does not link against OpenSSL.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.