From owner-freebsd-security Wed Jun 26 18: 9:55 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mail.root.nis.za (decoder.geek.sh [196.36.198.81])
	by hub.freebsd.org (Postfix) with ESMTP id 8138837C7BF
	for ; Wed, 26 Jun 2002 16:59:39 -0700 (PDT)
Received: from aragon (na.sdn.net.za [66.8.86.210])
	(using TLSv1 with cipher RC4-MD5 (128/128 bits))
	(Client did not present a certificate)
	by mail.root.nis.za (Postfix) with SMTP id 58FE124F03;
	Thu, 27 Jun 2002 01:59:29 +0200 (SAST)
Message-ID: <000f01c21d6d$99949ed0$01000001@aragon>
From: "Aragon Gouveia"
To: "Brett Glass"
Cc:
References: <4.3.2.7.2.20020626143023.022716c0@localhost> <4.3.2.7.2.20020626151157.02193340@localhost>
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:28.resolv
Date: Thu, 27 Jun 2002 02:00:04 +0200
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

> But, again, it may be possible to defuse the bug without
> tearing the whole system apart. After all, if resolv.conf
> points the query at a locally running copy of, say,
> BIND or djbdns, and the daemon blocks the exploit, you're
> safe. Same if you query a domain name server (on the same
> host or not) and *it* blocks the exploit. So, fixing the
> problem might be as simple as turning on named and modifying
> resolv.conf.

Maybe also add some firewall rulesets to block spoofed packets from say,
127.0.0.1, entering your public interface.

Regards,
Aragon

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
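
The two settings discussed in this thread, as an added example that is not part of the original message: a small sh audit that checks a resolv.conf for loopback-only nameservers and an `ipfw list` listing for a rule denying 127.0.0.0/8 sources ahead of any broad allow. The function names are hypothetical and the resolv.conf and rule listings are constructed samples.

```shell
#!/bin/sh
# Added example: audit for the two settings discussed in this thread.
# Function names are hypothetical; all sample data below is constructed.

# Succeeds if the resolv.conf text has at least one nameserver line and
# every nameserver is a loopback address (queries go to a local daemon).
resolver_is_local() {
    printf '%s\n' "$1" | awk '
        $1 == "nameserver" { n++; if ($2 !~ /^127\./) bad++ }
        END { exit !(n > 0 && bad == 0) }'
}

# Succeeds if the `ipfw list` text denies source 127.0.0.0/8 and no earlier
# rule allows source "any" off the loopback interface. Order matters because
# ipfw stops at the first matching allow or deny rule.
loopback_spoof_blocked() {
    printf '%s\n' "$1" | awk '
        found { next }
        $2 == "allow" && $5 == "any" && $0 !~ / via lo0/ { early = 1 }
        $2 == "deny" && $5 == "127.0.0.0/8" { found = 1 }
        END { exit !(found && !early) }'
}

# Constructed resolv.conf samples.
RESOLV_REMOTE='search example.org
nameserver 192.0.2.53'
RESOLV_LOCAL='search example.org
nameserver 127.0.0.1'

# Constructed rule listings in the format printed by `ipfw list`.
RULES_FILTERED='00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
00400 allow ip from any to any
65535 deny ip from any to any'
RULES_MISORDERED='00100 allow ip from any to any via lo0
00200 allow ip from any to any
00300 deny ip from 127.0.0.0/8 to any
65535 deny ip from any to any'

report() {
    if "$1" "$2"; then echo "$3: in place"; else echo "$3: NOT in place"; fi
}
report resolver_is_local "$RESOLV_REMOTE" "local resolver (remote sample)"
report resolver_is_local "$RESOLV_LOCAL" "local resolver (local sample)"
report loopback_spoof_blocked "$RULES_FILTERED" "loopback anti-spoof (filtered sample)"
report loopback_spoof_blocked "$RULES_MISORDERED" "loopback anti-spoof (misordered sample)"
```

On a live host the same functions can be fed `"$(cat /etc/resolv.conf)"` and `"$(ipfw list)"` in place of the samples.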