From owner-freebsd-security Fri Feb 16 13:08:49 1996 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id NAA06109 for security-outgoing; Fri, 16 Feb 1996 13:08:49 -0800 (PST) Received: (from jmb@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id NAA06101 Fri, 16 Feb 1996 13:08:46 -0800 (PST) From: "Jonathan M. Bresler" Message-Id: <199602162108.NAA06101@freefall.freebsd.org> Subject: Re: named update To: ghelmer@alpha.dsu.edu (Guy Helmer) Date: Fri, 16 Feb 1996 13:08:45 -0800 (PST) Cc: freebsd-security@freebsd.org In-Reply-To: from "Guy Helmer" at Feb 16, 96 09:15:53 am X-Mailer: ELM [version 2.4 PL24] Content-Type: text Sender: owner-security@freebsd.org Precedence: bulk Guy Helmer wrote: > > Does anyone know the named version details surrounding the named problem > that CERT just reported? I just don't know which version tries to close > up the hole. Is named in 2.0.5 and 2.1.0 a vulnerable version? recent cert advisory regarding BIND-4.9.3 teh problem was buffer overflow hitting the stack during a recvfrom system call. the patch is available from paul vixie its called Patch1 dont have the exact reference here the patch changed a total of two calls to recvfrom() jmb