RedShift napsal(a):> According to a commenter, this should provide a temporary countermeasure:> > iptables -A INPUT -p udp --dport 53 -j DROP -m u32 --u32 '30>>27&0xF=5'> > Haven't tested it, would like to know the results...> Well, good point, but Centos does not ship libipt_u32.so. Even moreCentos 4.x is now undergoing rebuild process, so no updates evensecurity updates are being released. Which is something I can accept. Those looking for patched bind for Centos 4.x may use packages I havebuilt with CVE-2009-0696 patch.http://fs12.vsb.cz/hrb33/el4/hrb/testing/i386/repoview/letter_b.group.htmlhttp://fs12.vsb.cz/hrb33/el4/hrb/testing/x86_64/repoview/letter_b.group.html Regards,David Hrbáč _______________________________________________CentOS mailing listCentOS@xxxxxxxxxxxxxx://lists.centos.org/mailman/listinfo/centos
Re: BIND vulnerability
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- To: CentOS mailing list <centos@xxxxxxxxxx>
- Subject: Re: BIND vulnerability
- From: David Hrbáč <hrbac.conf@xxxxxxxxx>
- Date: Wed, 29 Jul 2009 18:59:01 +0200
- Delivered-to: centos@xxxxxxxxxx
- In-reply-to: <4A707A84.9040502@xxxxxxxxxx>
- References: <0B07E10AFF88EF38FC543817@[10.169.6.155]> <4A707A84.9040502@xxxxxxxxxx>
- User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; cs; rv:1.8.1.22) Gecko/20090605 Lightning/0.9 Thunderbird/2.0.0.22 Mnenhy/0.7.6.666
- Follow-Ups:
- Re: BIND vulnerability
- From: Lucian@xxxxxxxxxxx
- Re: BIND vulnerability
- References:
- BIND vulnerability
- From: Kenneth Porter
- Re: BIND vulnerability
- From: RedShift
- BIND vulnerability
- Prev by Date: Software RAID-1 partition constantly syncing
- Next by Date: mod_perl2 and DBD::SQLite
- Previous by thread: Re: BIND vulnerability
- Next by thread: Re: BIND vulnerability
- Index(es):
 |