CVE-2013-3919 [was Re: resolver.c:4858: fatal error]
Mark Andrews
marka at isc.org
Wed Jun 5 02:35:54 UTC 2013
In message <3FC34FF5-E0BE-4A64-A2FB-DCE6025E49FF at kumari.net>, Warren Kumari wri
tes:
> Can you / ISC confirm that authoritative only (recursion no) are not affected
> ?
>
> The implication from the advisory is that they are not, but explicit confirma
> tion would be nice...
>
> Warren Kumari
> ------
> Please excuse typing, etc -- This was sent from a device with a tiny keyboard
> .
Authoritative servers make queries as a side effect of normal
processing. The answers to those queries (excluding refresh queries)
are processed the same way as recursive queries are processed. So
yes authoritative servers are vulnerable.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list