Red Hat Bugzilla – Bug 58506
bind shipped with RH subject to TSIG buf overflow bug
Last modified: 2007-03-26 23:50:55 EDT
From Bugzilla Helper:
User-Agent: Mozilla/4.78 [en] (X11; U; Linux 2.4.9-13custom i686)
Description of problem:
It is possible to overflow a buffer handling TSIG signed queries, thereby
to the system.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. rpm -q bind
Actual Results: bind version 8.2.3-1
Expected Results: bind v8.2.5 or better
Exploits for this bug exist.
The bind shipped with RH7.0, RH7.1 and RH7.2 is vulnerable.
7.1 shipped with bind 9.1.0
7.2 shipped with bind 9.1.3
7.0 is still at 8.2.3 though.
And (just checked) 8.2.3 does NOT have this bug. The last version with this
problem was 8.2.2p7, according to the page you mentioned yourself.
The page does mention 8.2.3-betas, which is later than 8.2.2p7.
Is 8.2.3-1 based on one of the 8.2.3-betas?
No, it's based on 8.2.3-RELEASE.