ep's blog

ISC BIND 9 vulnerable to denial of service via dynamic update request [Net #1026]

http://www.kb.cert.org/vuls/id/725188

"By sending a specially-crafted dynamic update packet to a BIND 9
server, a remote, unauthenticated attacker can cause a denial of service
by causing BIND to crash."

This vulnerability is fixed in "ISC BIND versions 9.4.3-P3, 9.5.1-P3,
and BIND 9.6.1-P1."

Please report which versions of BIND we are using so that we can assess
our exposure.

Thanks,
Brian
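One way to triage reported versions against the fixed releases quoted above, as an added example that is not part of the original message. The hostnames and inventory are constructed, the strings follow the form `named -v` prints, and the code assumes that later releases within a listed branch carry the fix; branches the advisory text does not list are reported as unknown.

```python
import re

# Fixed releases per branch, as quoted from the advisory text above.
FIXED = {(9, 4): "9.4.3-P3", (9, 5): "9.5.1-P3", (9, 6): "9.6.1-P1"}

# Matches e.g. "9.5.1-P2", "9.6.1rc1" or "9.4.3" inside a version banner.
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:-?(a|b|rc|P)(\d+))?")

# Pre-releases sort before the plain release; -P patch levels sort after it.
STAGE = {"a": -3, "b": -2, "rc": -1, None: 0, "P": 1}


def parse(text):
    """Return a sortable key (major, minor, patch, stage, n), or None."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    major, minor, patch, tag, n = m.groups()
    return (int(major), int(minor), int(patch), STAGE[tag], int(n or 0))


def assess(version_string):
    """Classify one reported version as 'vulnerable', 'fixed' or 'unknown'."""
    key = parse(version_string)
    if key is None:
        return "unknown"
    fixed = FIXED.get(key[:2])
    if fixed is None:
        # Branch not named in the advisory text: needs manual review.
        return "unknown"
    # Assumption: anything at or past the fixed release in a branch is patched.
    return "fixed" if key >= parse(fixed) else "vulnerable"


# Constructed sample inventory (hostnames and versions are made up).
INVENTORY = {
    "ns1.example.net": "BIND 9.4.3-P2",
    "ns2.example.net": "BIND 9.5.1-P3",
    "ns3.example.net": "BIND 9.6.1rc1",
    "ns4.example.net": "BIND 9.6.1-P1",
    "ns5.example.net": "BIND 9.3.6-P1",
}


def report(inventory):
    """Map each host to its exposure status."""
    return {host: assess(version) for host, version in inventory.items()}


if __name__ == "__main__":
    for host, status in sorted(report(INVENTORY).items()):
        print(f"{host:18} {INVENTORY[host]:16} {status}")
```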

Linux Kernel 'e1000/e1000_main.c' Remote Denial of Service Vulnerability

http://www.securityfocus.com/bid/35185/info

"The Linux kernel is prone to a remote denial-of-service vulnerability.

Attackers can exploit this issue via crafted packets to cause a kernel
panic, denying service to legitimate users."

Multiple 2.6 kernel versions are affected. Since this could lead to a major denial
of service, it is recommended that machines using the e1000 driver be
patched as soon as possible.

CUPS PDF File Multiple Heap Buffer Overflow Vulnerabilities

http://www.securityfocus.com/bid/35195

"CUPS is prone to multiple heap-based buffer-overflow vulnerabilities
because it fails to properly bounds-check user-supplied input before
copying it into a finite-sized buffer.

Exploiting these issues may allow remote attackers to execute arbitrary
code in the context of the affected application. Failed exploit attempts
will likely cause denial-of-service conditions."
