* Assertion failure in ISC BIND SIG query processing (CVE-2006-4095)
- Recursive servers
Queries for SIG records will trigger an assertion failure if more
than one RRset is returned. However exposure can be minimized by
restricting which sources can ask for recursion.
- Authoritative servers
If a nameserver is serving a RFC 2535 DNSSEC zone and is queried
for the SIG records where there are multiple RRsets, then the
named program will trigger an assertion failure when it tries
to construct the response.
* INSIST failure in ISC BIND recursive query handling code (CVE-2006-4096)
It is possible to trigger an INSIST failure by sending enough
recursive queries such that the response to the query arrives after
all the clients waiting for the response have left the recursion
queue. However exposure can be minimized by restricting which sources
can ask for recursion.
ok'ed christos@
- sprintf() can return negative value on error, so p += sprintf(p, blah)
is unsafe
- signed/unsigned mixup
- wrong assumption: sizeof(time_t) <= sizeof(int)
- need to init errno to 0 before strtoul()
then checking that against ULONG_MAX. Instead use a "unsigned long"
as the temporary variable. Then check against UINT32_MAX before
assigning back to the original variable.
Make sure that each va_start has one and only one matching va_end,
especially in error cases.
If the va_list is used multiple times, do multiple va_starts/va_ends.
If a function gets va_list as argument, don't let it use va_end (since
it's the callers responsibility).
Improved by comments from enami and christos -- thanks!
Heimdal/krb4/KAME changes already fed back, rest to follow.
Inspired by, but not not based on, OpenBSD.
revision 1.3
date: 1999/02/22 02:37:27; author: mrg; state: Exp; lines: +19 -1
if we are chrooting, write a symlink for the pid file so that ndc, etc,
continue to work as normal. this allows named to run in a chroot jail
with zero loss of functionality.
he