Date: Mon, 1 Jun 1998 08:31:59 -0400 (EDT) From: Mike <mike@seidata.com> To: Steve Reid <sreid@alpha.sea-to-sky.net> Cc: freebsd-security@FreeBSD.ORG Subject: Re: /usr/sbin/named Message-ID: <Pine.BSF.3.96.980601082704.5407A-100000@ns1.seidata.com> In-Reply-To: <Pine.LNX.3.95.iB1.0.980531235510.7174A-100000@alpha.sea-to-sky.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 31 May 1998, Steve Reid wrote: > Strings shows the version as 4.9.6-REL and a recent Bugtraq post listed > this version as exploitable. However, although the _version_ is the same The versions the Bugtraq post list as vulerable are vulnerable if you are using the named.boot/conf options mentioned. If you're not using these options, you are not vulnerable. My 2.2.6-REL box was running a "vulnerable version", but was not "vulnerable" since I didn't accept fake queries, etc. I've since upgraded to 8.1.2-T3B. You could re-compile with certain compile-time options unset (as mentioined in the post), upgrade to 4.9.7 or 8.1.2, or not worry about this at all if you are not using the named.boot/conf settings that allow your system to be vulnerable. later, Mike To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.980601082704.5407A-100000>