Date: Fri, 16 Feb 1996 16:33:48 -0800 From: Paul Traina <pst@shockwave.com> To: "Jonathan M. Bresler" <jmb@freefall.freebsd.org> Cc: ghelmer@alpha.dsu.edu (Guy Helmer), freebsd-security@freebsd.org Subject: Re: named update Message-ID: <199602170033.QAA17499@precipice.shockwave.com> In-Reply-To: Your message of "Fri, 16 Feb 1996 13:08:45 PST." <199602162108.NAA06101@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
damn, in that case, we're vulnerable too. :-( From: "Jonathan M. Bresler" <jmb@freefall.freebsd.org> Subject: Re: named update Guy Helmer wrote: > > Does anyone know the named version details surrounding the named problem > that CERT just reported? I just don't know which version tries to close > up the hole. Is named in 2.0.5 and 2.1.0 a vulnerable version? recent cert advisory regarding BIND-4.9.3 teh problem was buffer overflow hitting the stack during a recvfrom system call. the patch is available from paul vixie its called Patch1 dont have the exact reference here the patch changed a total of two calls to recvfrom() jmb
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199602170033.QAA17499>