Go Back   DaemonForums > DaemonForums.org > News

News News regarding BSD and related.

Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1   (View Single Post)  
Old 29th March 2013
J65nko J65nko is offline
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,506
Default Critical vulnerability in BIND 9 regular expression handling

From http://h-online.com/-1832816

It has been revealed that a malicious regular expression can cause a denial-of-service of the open source BIND DNS server on Linux and Unix systems. Other programs using BIND's libdns are also potentially vulnerable to the same attack. The critical bug allows attacker to cause excessive memory consumption by the named process which could lead to the daemon using all available memory on the affected machine; this could lead to the crashing of BIND and detrimentally affect other services running on the same server.
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Security BIND DNS server updates close critical hole J65nko News 0 10th October 2012 09:42 PM
Security Critical PHP vulnerability being fixed J65nko News 1 3rd February 2012 01:27 PM
High Severity BIND Vulnerability Advisory Issued J65nko News 2 24th February 2011 02:55 AM
Google releases RE2 Regular Expression Library for C++ J65nko News 0 13th March 2010 05:04 PM
PHP regular expression help cajunman4life Programming 2 16th August 2008 05:17 PM

All times are GMT. The time now is 10:39 AM.

Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick