Date: Mon, 29 Jan 2001 11:48:09 -0800 From: Kris Kennaway <kris@obsecurity.org> To: Igor Roshchin <str@giganda.komkon.org> Cc: security@freebsd.org, security-officer@freebsd.org Subject: Re: Bind: FreeBSD-SA-01:10 and CERT Advisory CA-2001-02 Message-ID: <20010129114809.A26160@xor.obsecurity.org> In-Reply-To: <200101291629.LAA76025@giganda.komkon.org>; from str@giganda.komkon.org on Mon, Jan 29, 2001 at 11:29:51AM -0500 References: <200101291629.LAA76025@giganda.komkon.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--gKMricLos+KVdGMg Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Jan 29, 2001 at 11:29:51AM -0500, Igor Roshchin wrote: > My COMMENT: > ------- > This is not true, because 4.0-RELEASE was shipped with=20 > named 8.2.2-P5-NOESW Mon Mar 20 20:43:54 GMT 2000 > root@monster.cdrom.com:/usr/obj/usr/src/usr.sbin/named > Thus, the statement in the advisory in question might be > at least misleading. Hmm, oops. I'll update it. > Therefore : > My question: > Is 8.2.2-P5-NOESW (shipped with 4.0-RELEASE) vulnerable to > a) the problem described in FreeBSD-SA-01:10 =20 Sounds like. > b) the problem described in CERT Advisory CA-2001-02=20 > (Multiple Vulnerabilities in BIND), VU#196945 (see that advisory > at the bottom of this message). No, that's a new problem we found out about a few days ago. Ain't software great? An advisory will be forthcoming. Kris --gKMricLos+KVdGMg Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE6dcj5Wry0BWjoQKURAoGTAJ0XvIQC9pEtNG/qTMpLjftt9zb1aACfd0hb 2Es7idLJXMkS0cGNrSiLahY= =Ezy/ -----END PGP SIGNATURE----- --gKMricLos+KVdGMg-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010129114809.A26160>