From owner-freebsd-security Sat Feb 17 10:03:39 1996
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3)
    id KAA20859 for security-outgoing; Sat, 17 Feb 1996 10:03:39 -0800 (PST)
Received: from haven.uniserve.com (haven.uniserve.com [198.53.215.121])
    by freefall.freebsd.org (8.7.3/8.7.3) with ESMTP id KAA20853 for ;
    Sat, 17 Feb 1996 10:03:36 -0800 (PST)
Received: by haven.uniserve.com id <30809-24131>;
    Sat, 17 Feb 1996 10:06:07 -0800
Date: Sat, 17 Feb 1996 10:05:57 -0800 (PST)
From: Tom Samplonius
To: "Jonathan M. Bresler"
cc: Guy Helmer, freebsd-security@freebsd.org
Subject: Re: named update
In-Reply-To: <199602162108.NAA06101@freefall.freebsd.org>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@freebsd.org
Precedence: bulk

On Fri, 16 Feb 1996, Jonathan M. Bresler wrote:

> Guy Helmer wrote:
> >
> > Does anyone know the named version details surrounding the named problem
> > that CERT just reported? I just don't know which version tries to close
> > up the hole. Is named in 2.0.5 and 2.1.0 a vulnerable version?
>
> recent cert advisory regarding BIND-4.9.3 the problem
> was buffer overflow hitting the stack during a recvfrom system call.
>
> the patch is available from paul vixie
> it's called Patch1 don't have the exact reference here
>
> the patch changed a total of two calls to recvfrom()
>
> jmb

patch1 prevents named from dumping core when receiving hesiod queries
from Ultrix machines. It does not directly correspond to this CERT
alert. This core dumping problem appears to affect all 4.9.3 betas too.

The problem alerted to by CERT can allow outside attackers to introduce
bad info into the named cache, affecting the security of host based
authentication. It is unclear exactly what versions are affected, but
4.9.3P1 is not.

Tom