Description of problem:
fetchctx structures, not keeping count of their uses, might be read even after being deallocated, resulting in name server denial of service under certain circumstances.

Version-Release number of selected component (if applicable):
Unclear whether this issue also affects 3.2 BIND, besides 3.3. For sure affects FC-5, FC-6 and RHEL-5.

How reproducible:
Hardly ever.

Steps to Reproduce:
No known way to reproduce. The advisory notes that the issue can be partly mitigated by disabling recursion, so probably some deep recursive queries might trigger the bug?

Actual results:
Server DoS?

Expected results:
What would you expect from a read of deallocated memory? :)

Additional info:
ISC sucks at providing either patches or information about the flaws. The attached patch incorporates another fix which changes roughly the same code.
Created attachment 146596 [details]
Fix for BIND out-of-bound read DoS sucked from upstream BIND release
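The bug class described above is a shared context object whose lifetime is not tied to the number of parties still using it, so one holder frees it while another can still read it. The usual remedy is reference counting: every holder attaches, every holder detaches, and only the last detach frees. The following is an added illustration of that pattern and is not BIND's code or the attached patch; the struct name fetchctx, the attach/detach helpers and the sample names are assumptions made for the example.

```c
#include <stdlib.h>
#include <string.h>

/*
 * Added illustration, not BIND's code or the attached patch: a shared
 * "fetch context" whose lifetime is governed by a reference count, so
 * that whichever holder (resolver or client) lets go last frees it and
 * the other side never reads freed memory.
 */
typedef struct fetchctx {
    unsigned references;   /* number of live holders of this object */
    char name[64];         /* name being resolved (constructed sample) */
    int result;            /* set by the "resolver" when the fetch ends */
} fetchctx_t;

static long g_live_objects = 0;  /* outstanding allocations, for verification */

long fctx_live_count(void) { return g_live_objects; }

/* Allocate a context; the creator holds the first reference. */
fetchctx_t *fctx_create(const char *name) {
    fetchctx_t *f = calloc(1, sizeof *f);
    if (f == NULL) return NULL;
    strncpy(f->name, name, sizeof f->name - 1);
    f->references = 1;
    g_live_objects++;
    return f;
}

/* Take an additional reference and store it in *target. */
void fctx_attach(fetchctx_t *f, fetchctx_t **target) {
    f->references++;
    *target = f;
}

/* Drop a reference; free only when the last holder lets go.
 * The caller's pointer is cleared so it cannot be used again. */
void fctx_detach(fetchctx_t **fp) {
    fetchctx_t *f = *fp;
    *fp = NULL;
    if (f == NULL) return;
    if (--f->references == 0) {
        free(f);
        g_live_objects--;
    }
}

/* Resolver finishes and detaches while the client still holds a
 * reference: the client's read is of live memory. Returns the result
 * the client observed. */
int scenario_resolver_done_first(void) {
    fetchctx_t *resolver = fctx_create("www.example.test");
    fetchctx_t *client = NULL;
    fctx_attach(resolver, &client);
    resolver->result = 42;
    fctx_detach(&resolver);        /* references: 2 -> 1, object survives */
    int seen = client->result;     /* safe: client still owns a reference */
    fctx_detach(&client);          /* 1 -> 0, freed here */
    return seen;
}

/* Client cancels first; the resolver's later write and detach are
 * still safe because it holds the remaining reference. Returns the
 * reference count the resolver saw just before its own detach. */
unsigned scenario_client_cancels_first(void) {
    fetchctx_t *resolver = fctx_create("mail.example.test");
    fetchctx_t *client = NULL;
    fctx_attach(resolver, &client);
    fctx_detach(&client);          /* 2 -> 1 */
    resolver->result = 7;          /* safe: resolver's reference keeps it alive */
    unsigned refs = resolver->references;
    fctx_detach(&resolver);        /* 1 -> 0, freed */
    return refs;
}
```

The point of the two scenarios is that the order in which the holders finish does not matter: the object is freed exactly once, by whoever detaches last, and fctx_live_count() returns to zero afterwards. Without the count, the first scenario would be the read-after-free the report describes.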
It looks like this update has been released for FC6, but has not been fixed in FC5 yet.
Looks like updates for these issues have been issued now for both FC5 and FC6.
FC6: FEDORA-2007-147 http://www.redhat.com/archives/fedora-package-announce/2007-January/msg00153.html
FC5: FEDORA-2007-164 http://www.redhat.com/archives/fedora-package-announce/2007-January/msg00180.html