Date:      Mon, 26 Mar 2001 13:46:22 -0800
From:      Kris Kennaway <kris@obsecurity.org>
To:        Bill Moran <wmoran@iowna.com>
Cc:        Kris Kennaway <kris@obsecurity.org>, freebsd-questions@freebsd.org
Subject:   Re: HEADS UP: BIND 8.2.3 INSECURITY (Re: BIND 8.2.3 Crashing Question)
Message-ID:  <20010326134622.B7648@xor.obsecurity.org>
In-Reply-To: <3ABF62CC.1A8846ED@iowna.com>; from wmoran@iowna.com on Mon, Mar 26, 2001 at 10:39:56AM -0500
References:  <Pine.BSF.4.21.0103242222120.391-100000@shazam.int> <3ABE1342.4A9CDFFF@iowna.com> <20010325143048.C45772@xor.obsecurity.org> <3ABF62CC.1A8846ED@iowna.com>

On Mon, Mar 26, 2001 at 10:39:56AM -0500, Bill Moran wrote:

> 1. Can anyone direct me to a specific place where I can find details on
> the exploits? The best information I've found so far today is on ISC's
> site and all they say is that this is "critical" and "exploitable". I
> need to know just how potentially exploitable, so I can assess whether
> or not to be concerned that the internal network may have been
> compromised.

Check bugtraq on www.securityfocus.com.  Sorry, I don't have an exact URL.

The answer is "very exploitable", as in "can't be worked around",
although if you can run bind as a non-privileged user in a chroot then
it mitigates the effects a bit.  The FreeBSD advisory gives a pointer
on how to do this, I believe.

Kris
