From owner-freebsd-security  Fri Feb 16 16:35:01 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id QAA19722
          for security-outgoing; Fri, 16 Feb 1996 16:35:01 -0800 (PST)
Received: from precipice.shockwave.com (precipice.shockwave.com [171.69.108.33])
          by freefall.freebsd.org (8.7.3/8.7.3) with ESMTP id QAA19708
          for <freebsd-security@freebsd.org>; Fri, 16 Feb 1996 16:34:59 -0800 (PST)
Received: from localhost.shockwave.com (localhost.shockwave.com [127.0.0.1]) by precipice.shockwave.com (8.7.3/8.7.3) with SMTP id QAA17499; Fri, 16 Feb 1996 16:33:49 -0800 (PST)
Message-Id: <199602170033.QAA17499@precipice.shockwave.com>
To: "Jonathan M. Bresler" <jmb@freefall.freebsd.org>
cc: ghelmer@alpha.dsu.edu (Guy Helmer), freebsd-security@freebsd.org
Subject: Re: named update 
In-reply-to: Your message of "Fri, 16 Feb 1996 13:08:45 PST."
             <199602162108.NAA06101@freefall.freebsd.org> 
Date: Fri, 16 Feb 1996 16:33:48 -0800
From: Paul Traina <pst@shockwave.com>
Sender: owner-security@freebsd.org
Precedence: bulk

damn, in that case, we're vulnerable too. :-(

  From: "Jonathan M. Bresler" <jmb@freefall.freebsd.org>
  Subject: Re: named update
  Guy Helmer wrote:
  > 
  > Does anyone know the named version details surrounding the named problem
  > that CERT just reported?  I just don't know which version tries to close
  > up the hole.  Is named in 2.0.5 and 2.1.0 a vulnerable version? 
  
  	recent cert advisory regarding BIND-4.9.3 teh problem
  	was buffer overflow hitting the stack during a recvfrom system call.
  
  	the patch is available from paul vixie
  	its called Patch1 dont have the exact reference here
  
  	the patch changed a total of two calls to recvfrom()
  
  	jmb