Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

NetBSD update for BIND

Dec 17, 2003 12:22AM PST

Impact: DoS

Where: From local network



OS: NetBSD 1.x




CVE reference: CAN-2003-0914



Description:
NetBSD has issued updated packages for bind. These fix a vulnerability, which can be exploited by malicious people to poison the DNS cache with negative entries.

For more information:
SA10300

The vulnerability affects the following versions:
* NetBSD-current (source prior to Nov 27, 2003)
* NetBSD 1.6.2_RC2
* NetBSD 1.6.2_RC1
* NetBSD 1.6
* NetBSD-1.5.3
* NetBSD-1.5.2
* NetBSD-1.5.1
* NetBSD-1.5
* pkgsrc (bind8 packages prior to 8.4.3)

Solution:
The vulnerability has been addressed in the following versions:
* NetBSD-current (Nov 27, 2003)
* NetBSD-1.6.2_RC3
* NetBSD-1.5 branch (Nov 28, 2003)
* pkgsrc (bind8-8.4.3)

Original Advisory:
ftp://ftp.netbsd.org/pub/NetBSD/...sories/NetBSD-SA2003-018.txt.asc

http://www.secunia.com/advisories/10450/

Discussion is locked