Internet Systems Consortium (ISC) announced this morning that the vulnerability announced previously by FreeBSD (CVE-2007-6251, CVE-2008-0122) is considered to be low risk and thus will not be fixed in an immediate patch. Instead ISC will wait until the next version of BIND to roll the fix into production.
The buffer overflow in inet_network(), which is said to affect many versions of BIND since version 8.0, could lead to memory corruption. The memory corruption could result in a denial of service or arbitrary code execution.
Get Slaptijack updates delivered to your Inbox or RSS Reader for free!