Mandrake Linux Security Advisory : bind (MDKSA-2000:067)
Medium Nessus Plugin ID 61853
SynopsisThe remote Mandrake Linux host is missing one or more security updates.
DescriptionA vulnerability exists with the bind nameserver dealing with compressed zone transfers. This vulnerability can be exploited by authorized zone transfers and used in a DoS attack. The named daemon will crash if it receives this type of zone transfer from an authorized source address. The crash is not necessarily immediate, but can range from a few seconds to a few minutes from the time of the attack.
This new version of bind also fixes a bug in the handling of the compression pointer tables which can result in the nameserver entering an infinite loop. This bug has been known to occur in the standard processing of SRV records used with Windows 2000 Active Directory.
All Linux-Mandrake users are encouraged to upgrade bind immediately.
SolutionUpdate the affected bind, bind-devel and / or bind-utils packages.