From owner-freebsd-security Sat Feb 17 01:02:09 1996 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id BAA01540 for security-outgoing; Sat, 17 Feb 1996 01:02:09 -0800 (PST) Received: from genesis.atrad.adelaide.edu.au (genesis.atrad.adelaide.edu.au [129.127.96.120]) by freefall.freebsd.org (8.7.3/8.7.3) with ESMTP id BAA01535 for ; Sat, 17 Feb 1996 01:02:04 -0800 (PST) Received: from msmith@localhost by genesis.atrad.adelaide.edu.au (8.6.12/8.6.9) id TAA01376; Sat, 17 Feb 1996 19:35:57 +1030 From: Michael Smith Message-Id: <199602170905.TAA01376@genesis.atrad.adelaide.edu.au> Subject: Re: named update To: ghelmer@alpha.dsu.edu (Guy Helmer) Date: Sat, 17 Feb 1996 19:35:56 +1030 (CST) Cc: freebsd-security@FreeBSD.org In-Reply-To: from "Guy Helmer" at Feb 16, 96 09:15:53 am MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-security@FreeBSD.org Precedence: bulk Guy Helmer stands accused of saying: > > Does anyone know the named version details surrounding the named problem > that CERT just reported? I just don't know which version tries to close > up the hole. Is named in 2.0.5 and 2.1.0 a vulnerable version? Is this the one involving a syslog() buffer overrun? (The one that allegedly bit a pile of linux-using ISP's in WA recently 8) AFAIK, FreeBSD 2.1 and later is not vulnerable to any syslog-overflow exploit. > Guy Helmer, Dakota State University Computing Services - ghelmer@alpha.dsu.edu -- ]] Mike Smith, Software Engineer msmith@atrad.adelaide.edu.au [[ ]] Genesis Software genesis@atrad.adelaide.edu.au [[ ]] High-speed data acquisition and (GSM mobile) 0411-222-496 [[ ]] realtime instrument control (ph/fax) +61-8-267-3039 [[ ]] Collector of old Unix hardware. "I seek PEZ!" - The Tick [[