Hadn't seen this on here yet. Lebbeous Weekley ----- "Mark Andrews" <Mark_Andrews@xxxxxxx> wrote: > Internet Systems Consortium Security Advisory. > BIND 9: dereferencing freed fetch context > 12 January 2007 > > Versions affected: > > BIND 9.3.0, 9.3.1, 9.3.2, 9.3.3 > BIND 9.4.0a1, 9.4.0a2, 9.4.0a3, 9.4.0a4, 9.4.0a5, 9.4.0a6, > 9.4.0b1 > 9.4.0b2, 9.4.0b3, 9.4.0b4, 9.4.0rc1 > BIND 9.5.0a1 (Bind Forum only) > > Severity: Low > Exploitable: Remotely > > Description: > > It is possible for the named to dereference (read) a freed > fetch context. This can cause named to exit unintentionally. > > Workaround: > > Disable / restrict recursion (to limit exposure). > > Fix: > > Upgrade to BIND 9.2.8, BIND 9.3.4 or BIND 9.4.0rc2. > Additionally this will be fixed in the upcoming BIND 9.5.0a2. > > Revision History:
