Date: Sat, 25 Apr 1998 20:58:51 +0100 From: Karl Pielorz <kpielorz@tdx.co.uk> To: Dan Busarow <dan@dpcsys.com> Cc: Joao Carlos <jcarlos@bahianet.com.br>, freebsd-questions@FreeBSD.ORG Subject: Re: BIND Message-ID: <3542407B.FB33350D@tdx.co.uk> References: <Pine.BSF.3.96.980425124104.9520A-100000@java.dpcsys.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, I remember reading about this a while ago - but apparently the default config for 4.9.X and 8.X is safe... For the server to be vunerable you must have: "options fake-iquery" in your named.boot/named.conf file... If it's not there your OK... If it is there apparently theres a possible root exploit by a classic buffer overrun etc... :-( It was issued in CERT advisory CA-98.05, called "bind_problems" - at the time the latest versions were affected, this may have changed now though... I don't know where you can get it on the net (maybe CERT have archives?) - If you need I can mail you a copy... Regards, Karl Pielorz Dan Busarow wrote: > > On Sat, 25 Apr 1998, Joao Carlos wrote: > > I'm not an experient user of UNIX systems and I saw an article talking > > about an exploit in BIND 8 or BIND 4.9. > > I am not aware of any exploits in BIND 8.x or 4.9.6. The article > almost certainly referred to the exploit in 4.9.5 (and earlier) > which 4.9.6 fixed. BIND 8.x is not vulnerable. > > Which version of FreeBSD are you using? 2.2.5 comes with 4.9.6, > anything earlier, like 2.2.1 probably has 4.9.5 or older and should > be updated. > > Dan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3542407B.FB33350D>