Internet Systems Consortium Security Advisory.
BIND 9: query_addsoa DoS
30 April 2007
BIND 9.5.0a1, 9.5.0a2, 9.5.0a3
[BIND 9.5.0* have only been released to BIND Forum members]
There are 2 query sequences which can cause a recursive nameserver
Disable recursion if it is not required by your configuration.
Upgrade to BIND 9.4.1 or BIND 9.5.0a4.
Questions should be addressed to firstname.lastname@example.org.
Created attachment 153776 [details]
Extracted patch from 9.4.1
According to ISC, this flaw only affects BIND 9.4.0 and above.
removing embargo, this is public now at
Only rawhide was affected. bind-*9.4.1-1.fc7 is invulnerable
Bind packages as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5 were not
affected by this issue.
Fedora packages were updated where needed as explained in comment #5.