Date: Mon, 26 Mar 2001 13:46:22 -0800 From: Kris Kennaway <kris@obsecurity.org> To: Bill Moran <wmoran@iowna.com> Cc: Kris Kennaway <kris@obsecurity.org>, freebsd-questions@freebsd.org Subject: Re: HEADS UP: BIND 8.2.3 INSECURITY (Re: BIND 8.2.3 Crashing Question) Message-ID: <20010326134622.B7648@xor.obsecurity.org> In-Reply-To: <3ABF62CC.1A8846ED@iowna.com>; from wmoran@iowna.com on Mon, Mar 26, 2001 at 10:39:56AM -0500 References: <Pine.BSF.4.21.0103242222120.391-100000@shazam.int> <3ABE1342.4A9CDFFF@iowna.com> <20010325143048.C45772@xor.obsecurity.org> <3ABF62CC.1A8846ED@iowna.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--/NkBOFFp2J2Af1nK Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Mon, Mar 26, 2001 at 10:39:56AM -0500, Bill Moran wrote: > 1. Can anyone direct me to a specific place where I can find details on > the exploits? The best information I've found so far today is on ISC's > site and all they say is that this is "critical" and "exploitable". I > need to know just how potentially exploitable, so I can assess whether > or not to be concerned that the internal network may have been > compromised. Check bugtraq on www.securityfocus.com. Sorry, I don't have an exact URL. The answer is "very exploitable", as in "can't be worked around", although if you can run bind as a non-privileged user in a chroot then it mitigates the effects a bit. The FreeBSD advisory gives a pointer on how to do this, I believe. Kris --/NkBOFFp2J2Af1nK Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE6v7itWry0BWjoQKURAnb0AJ4z5o6NvP2L05YseeXfmaTyRfT8vACcDrMy b9nvPbFoWRsZBjaHibwJHJo= =ydJB -----END PGP SIGNATURE----- --/NkBOFFp2J2Af1nK-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010326134622.B7648>