LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Denial of service vulnerability in version 9 of BIND

Package(s):bind CVE #(s):CAN-2002-0400
Created:June 5, 2002 Updated:August 19, 2002
Description: Here is an advisory from the Computer Emergency Response Team (CERT) regarding the denial of service vulnerability in version 9 of the BIND nameserver, up to 9.2.1. An attacker can send a properly crafted packet which triggers a check within BIND and causes it to shut down. The vulnerability can not be exploited for any purpose beyond denial of service, but that is bad enough; if you are running BIND 9, an upgrade is probably a good idea.

Note that many or most systems out there will still be running BIND 8, and thus will not be vulnerable.

News articles on the vulnerability appear in the Register and Network World Fusion News.

Alerts:
Mandrake MDKSA-2002:038-1 2002-08-15
Yellow Dog YDU-20020606-6 2002-06-06
Conectiva CLA-2002:494 2002-06-06
SuSE SuSE-SA:2002:021 2002-06-06
Mandrake MDKSA-2002:038 2002-06-04
Red Hat RHSA-2002:105-09 2002-06-04
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds