Date: Wed, 26 Jun 2002 14:37:27 -0600 From: Brett Glass <brett@lariat.org> To: "H. Wade Minter" <minter@lunenburg.org>, freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:28.resolv Message-ID: <4.3.2.7.2.20020626143023.022716c0@localhost> In-Reply-To: <20020626152504.Q45972-100000@bunning.skiltech.com> References: <200206261908.g5QJ8MOE035394@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
At 01:26 PM 6/26/2002, H. Wade Minter wrote: >So am I correct in assuming that this fix requires a complete system >rebuild (make buildworld) as opposed to just rebuilding a particular >module? Worse than that. Every package or port must be reinstalled or rebuilt too. Ditto everything you've built from source. Basically, the entire system must be ripped up by the roots. This is scary. There may be one mitigating factor, though. Suppose you block direct DNS to and from the outside world, allowing your systems to resolve names only through a DNS server on your own network that you know is safely patched. Will this hold off the hordes at the gates? Or is there a way for a malicious response to sneak through anyway (as with DNS cache poisoning)? Also, is the DNS cache in Squid vulnerable? --Brett To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.3.2.7.2.20020626143023.022716c0>