Date: Wed, 16 Feb 2011 08:07:00 -0600 From: <Eric_vanGyzen@McAfee.com> To: <freebsd-security@freebsd.org> Subject: BIND 9.7.3 -- TCP DoS in SO_ACCEPTFILTER Message-ID: <35F3A97D5BAF454C84582219ABFAE3EC010AD9A7FB59@AMERDALEXMB1.corp.nai.org>
next in thread | raw e-mail | index | archive | help
The release notes for BIND 9.7.3 contain this:
* A bug in NetBSD and FreeBSD kernels with SO_ACCEPTFILTER enabled
allows for a TCP DoS attack. Until there is a kernel fix, ISC is
disabling SO_ACCEPTFILTER support in BIND. [RT #22589]
The CHANGES file also says:
2996. [security] Temporarily disable SO_ACCEPTFILTER support.
[RT #22589]
Can anyone tell me more? What releases are affected? Is a kernel patch in=
the works?
Thanks in advance,
Eric
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?35F3A97D5BAF454C84582219ABFAE3EC010AD9A7FB59>