Alan Hargreaves' Weblog
The ramblings of an Australian SaND TSC* Principal Field Technologist
* Solaris and Network Domain Technology Support Centre - The group I work for
Thursday Jul 30, 2009
Interim fixes for BIND Vulnerability VU#725188/CVE-2009-0696 (Updated)
Yesterday I noticed an article titled "New DoS Vulnerability in All versions of BIND 9" on Slashdot. The article refers to "BIND Dynamic Update DoS" at the ISC site describing "Vulnerability Note VU#725188 - ISC BIND 9 vulnerable to denial of service via dynamic update request".
This very rapidly caused a stir on a few internal mailing lists that I'm on and work on addressing this as
6865903 Updated, P1 network/dns CVE-2009-0696 BIND dynamic update problem
The current status of this within Sun is that the Interim Security Reliefs (ISR) are available from http://sunsolve.sun.com/tpatches for the following releases:
SPARC Platform:
- Solaris 10 IDR142522-01
- Solaris 9 IDR142524-01
x86 Platform:
- Solaris 10 IDR142523-01
- Solaris 9 IDR142525-01
Sun Alert 264828 is on its way to be published. When published it will be available from: http://sunsolve.sun.com/search/document.do?assetkey=1-66-264828-1
The fix is planned for build 121 for OpenSolaris/Nevada and we're attempting to get it into the next possible release Support Repository Update (SRU3).
Update 1
It turns out that the Solaris 9 ISR patches rely on an unreleased patch for Solaris 9. Work is underway to get this dependency out quickly.
Posted at 08:37AM Jul 30, 2009 by Alan Hargreaves in Solaris

