From owner-freebsd-questions  Tue Nov 19 14:55:25 1996
Return-Path: owner-questions
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id OAA12730
          for questions-outgoing; Tue, 19 Nov 1996 14:55:25 -0800 (PST)
Received: from super-g.inch.com (spork@super-g.com [204.178.32.161])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id OAA12722;
          Tue, 19 Nov 1996 14:55:18 -0800 (PST)
Received: from localhost (spork@localhost) by super-g.inch.com (8.7.6/8.6.9) with SMTP id RAA02126; Tue, 19 Nov 1996 17:54:06 -0500
Date: Tue, 19 Nov 1996 16:54:05 -0600 (CST)
From: "S(pork)" <spork@super-g.com>
X-Sender: spork@super-g.inch.com
To: Security Officer <security@sinister.com>
cc: freebsd-security@freebsd.org, freebsd-questions@freebsd.org
Subject: Re: Serious BIND resolver problem. (fwd)
In-Reply-To: <Pine.LNX.3.95.961119174603.12421G-100000@dark.sinister.com>
Message-ID: <Pine.LNX.3.92.961119165327.1956B-100000@super-g.inch.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-questions@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Whoops, yeah, 4.9.5; question still stands...  sorry...

Charles

On Tue, 19 Nov 1996, Security Officer wrote:

>
>
> On Tue, 19 Nov 1996, S(pork) wrote:
>
> > >From your friendly neighborhood paranoia victim comes yet another loaded
> > question...
> >
> > I got this little advisory (thankfully without an exploit) today, and it's
> > got me all worried.  It's a problem in the whole gethostbyname call that
> > allows (supposedly) local and remote users to gain root access using a
> > variety of programs that rely on the gethostbyname call.  So I downloaded
> > BIND-4.9.3-REL which fixes all of this; and then I read the README in the
>
> I think you want 4.9.5
>
>
> >
> > ---------- Forwarded message ----------
> > Date: Mon, 18 Nov 1996 22:54:03 -0700
> > From: Oliver Friedrichs <oliver@secnet.com>
> > To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
> > Subject: Serious BIND resolver problem.
> >
>
>
> >
> > We recommend upgrading to the latest release of BIND which solves this
> > problem due to the incorporation of IPv6 address support.
> >
> > The latest official release of BIND is availible at:
> >
> > ftp.vix.com in the directory /pub/bind/release/4.9.5
> >
> >
>
>
> --Dr. Who
>
> System Administrator
> Sinister Networks
>
>
>