What about BIND 9.3.4 in FreeBSD in base system ?
Chuck Swiger
cswiger at mac.com
Thu Feb 1 21:55:37 UTC 2007
Colin Percival wrote:
> Chuck Swiger wrote:
>> I've been bitten by CVE-2006-4096, and have applied the workaround to
>> limit the # of outstanding queries. I've got two nameservers tracking
>> 5-STABLE which were vulnerable to CVE-2006-4095
>
> You realize that these two issues were addressed in FreeBSD-SA-06:20.bind
> on September 6th, right?
Yes-- although it's not entirely clear that the problem of named terminating
when exposed to high query rates has been entirely fixed, which is why I
mentioned the additional 2007 CVE and am using "adnslogres -c 50" rather than
200 or 1000.
% grep Id /usr/src/contrib/bind9/bin/named/query.c
/* $Id: query.c,v 1.198.2.13.4.43 2006/08/31 03:57:11 marka Exp $ */
% named -v
BIND 9.3.2
% head /etc/stable-supfile
*default host=cvsup9.FreeBSD.org
*default base=/usr
*default prefix=/usr
*default release=cvs tag=RELENG_5
*default delete use-rel-suffix
--
-Chuck
More information about the freebsd-security
mailing list