Date: Tue, 19 Nov 1996 15:24:44 -0800 (PST) From: Brian Wang <brian@mail.vividnet.com> To: "S(pork)" <spork@super-g.com> Cc: freebsd-security@FreeBSD.org, freebsd-questions@FreeBSD.org Subject: Re: Serious BIND resolver problem. (fwd) Message-ID: <Pine.BSF.3.95.961119152048.3489A-100000@taurus.vividnet.com> In-Reply-To: <Pine.LNX.3.92.961119151129.1956A-100000@super-g.inch.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 19 Nov 1996, S(pork) wrote: > >From your friendly neighborhood paranoia victim comes yet another loaded > question... > > I got this little advisory (thankfully without an exploit) today, and it's > got me all worried. It's a problem in the whole gethostbyname call that > allows (supposedly) local and remote users to gain root access using a > variety of programs that rely on the gethostbyname call. So I downloaded > BIND-4.9.3-REL which fixes all of this; and then I read the README in the > BSD directory, got thoroughly confused, and posted my root password to > #hack on irc. (kidding). Now this does not appear to be a simple feat > (hence my posting to -questions and -security; security people can look at > it and laugh, and questions can tell me all about "diff-ing my source > tree" and "manually updating includes (which you may or may not have to > do)." So my question is this; could anyone who's already updated this > give me some advice or some pointers to this procedure?? The site > carrying 4.9.3-REL is over at: ftp.vix.com/pub/bind/release > > Thanks All, > > Charles Charles, I think 4.9.5-REL over at ftp.vix.com/pub/bind/release/4.9.5 is what you are looking for, and as suggested by the advisory. I just updated our 2 name servers this morning, and all I did is make, and then make install. Sincerely, Brian
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.95.961119152048.3489A-100000>