Red Hat Bugzilla – Bug 224443
CVE-2007-0493 BIND might crash after attempting to read free()-ed memory
Last modified: 2013-04-30 19:35:12 EDT
Description of problem:
fetchctx structures, not keeping count of its uses, might be read
even after being deallocated resulting in name server denial of
service under certain circumstances.
Version-Release number of selected component (if applicable):
Unclear whether this issue also affects 3.2 BIND, besides 3.3.
For sure affects FC-5, FC-6 and RHEL-5
Steps to Reproduce:
No known way to reproduce. The advisory notes that the issue can be
partly mitigated by disabling recursion, so probably some deep recursive
queries might trigger the bug?
What would you expect from read of deallocated memory? :)
ISC sucks at providing either patches or information about the flaws.
The attached patch incorporates another fix which changes roughly the
Created attachment 146596 [details]
Fix for BIND out-of-bound read DoS sucked from upstream BIND release
It looks like this update has been released for FC6, but has not been fixed in
Looks like updates for these issues have been issued now for both FC5 and
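
The description above attributes the flaw to fetchctx structures that do not keep count of their uses. The following is an added example, not BIND's code and not the attached patch: it shows the general reference-counting pattern that keeps a shared context alive until its last holder lets go. The names `fetch_ctx`, `fctx_create`, `fctx_attach`, `fctx_detach` and `late_holder_scenario` are hypothetical, and the query name is constructed.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a resolver fetch context; not BIND's struct. */
typedef struct fetch_ctx {
    unsigned refs;      /* number of holders still using the context */
    int *destroyed;     /* hook: incremented when the memory is released */
    char qname[64];     /* constructed sample field */
} fetch_ctx;

/* Create a context owned by the caller (refs == 1). */
fetch_ctx *fctx_create(const char *qname, int *destroyed) {
    fetch_ctx *f = calloc(1, sizeof *f);
    if (f == NULL) return NULL;
    f->refs = 1;
    f->destroyed = destroyed;
    strncpy(f->qname, qname, sizeof f->qname - 1); /* calloc keeps the NUL */
    return f;
}

/* Every additional holder (timer, pending response, ...) takes a reference. */
fetch_ctx *fctx_attach(fetch_ctx *f) {
    f->refs++;
    return f;
}

/* Drop one reference and clear the caller's pointer; free on the last one. */
void fctx_detach(fetch_ctx **fp) {
    fetch_ctx *f = *fp;
    *fp = NULL;                     /* this holder can no longer reach it */
    if (--f->refs == 0) {
        (*f->destroyed)++;
        free(f);
    }
}

/* The owner finishes first while a second holder still needs the context.
 * Returns 1 if the context stayed valid for the late holder and was
 * released exactly once, 0 otherwise. */
int late_holder_scenario(void) {
    int destroyed = 0;
    fetch_ctx *owner = fctx_create("example.test", &destroyed);
    if (owner == NULL) return 0;
    fetch_ctx *late = fctx_attach(owner);
    fctx_detach(&owner);            /* owner done; object must survive */
    int alive = (destroyed == 0 && late->refs == 1 &&
                 strcmp(late->qname, "example.test") == 0);
    fctx_detach(&late);             /* last holder: memory freed here */
    return alive && destroyed == 1 && owner == NULL && late == NULL;
}
```

Without the count, the owner's release would free the structure while the late holder still pointed at it, which is the read of deallocated memory the report describes.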