From owner-freebsd-questions@FreeBSD.ORG Wed Jul 25 00:47:27 2007 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4489B16A41A for ; Wed, 25 Jul 2007 00:47:27 +0000 (UTC) (envelope-from dougb@FreeBSD.org) Received: from mail2.fluidhosting.com (mx21.fluidhosting.com [204.14.89.4]) by mx1.freebsd.org (Postfix) with SMTP id 0192313C461 for ; Wed, 25 Jul 2007 00:47:26 +0000 (UTC) (envelope-from dougb@FreeBSD.org) Received: (qmail 9391 invoked by uid 399); 25 Jul 2007 00:20:46 -0000 Received: from localhost (HELO lap.dougb.net) (dougb@dougbarton.us@127.0.0.1) by localhost with ESMTP; 25 Jul 2007 00:20:46 -0000 X-Originating-IP: 127.0.0.1 Message-ID: <46A6975C.6000201@FreeBSD.org> Date: Tue, 24 Jul 2007 17:20:44 -0700 From: Doug Barton Organization: http://www.FreeBSD.org/ User-Agent: Thunderbird 2.0.0.5 (X11/20070723) MIME-Version: 1.0 To: "Simon L. Nielsen" , freebsd-security@FreeBSD.org, FreeBSD Security Team References: <20070724234636.GA6738@zaphod.nitro.dk> In-Reply-To: <20070724234636.GA6738@zaphod.nitro.dk> X-Enigmail-Version: 0.95.1 OpenPGP: id=D5B2F0FB Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: FreeBSD Questions , Jeffrey Goldberg Subject: Re: Waiting for BIND security announcement X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: freebsd-security@FreeBSD.org List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Jul 2007 00:47:27 -0000 Simon L. Nielsen wrote: > [freebsd-security@ CC'ed to avoid answering the same there again > shorly :) - if following up, please drop either freebsd-questions or > freebsd-securiy to avoid "spamming" both lists] > > On 2007.07.24 18:15:43 -0500, Jeffrey Goldberg wrote: > >> As I'm sure many people know there is a newly discovered BIND vulnerability >> allowing cache injection (pharming). See I think it's worth pointing out that cache injection and pharming are not the same thing, although cache injection can be used as part of a pharming attack. I also think it's worth noting that this isn't an "all your queries are belong to us" type of attack. The attack involves _predicting_ query id numbers which at _best_ will be successful only once in 16 tries. Then you have to actually time it right so that you can use your guess. Still, it is worth upgrading to avoid this issue. >> http://www.isc.org/index.pl?/sw/bind/bind-security.php >> >> for details. >> >> The version of bind on 6.2, 9.3.3, RELENG_6 was updated shortly after the release of 9.3.4. I'll be updating RELENG_[56] with the new 9.3.4-P1 version after I'm done regression testing it, which should be some time tonight. Same for updating HEAD with 9.4.1-P1. The ports for bind9 and bind94 are already updated, so those with urgent needs can use that route to upgrade immediately. hope this helps, Doug -- This .signature sanitized for your protection