Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 6 Aug 1998 10:41:40 +0100
From:      "Greg Quinlan" <gquinlan@qmpgmc.ac.uk>
To:        "Greg Quinlan" <gquinlan@qmpgmc.ac.uk>, <freebsd-questions@FreeBSD.ORG>
Cc:        <ronno@blaze.net.au>
Subject:   Re: MSCAN - named - Vulnerability
Message-ID:  <01bdc11e$69e77cc0$380051c2@greg.qmpgmc.ac.uk>
next in thread | raw e-mail | index | archive | help 
This is a multi-part message in MIME format.

------=_NextPart_000_000F_01BDC126.CBABE4C0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Sorry I seem to be answering my own questions. I found this extract from =
the reference
I just sent. Sorry I'll be quiet now... :)

"<!--StartFragment-->
FreeBSD, Inc.- -------------  We ship with INVQ not defined. This makes =
us=20
resistent against the first  vulnerability. This is true for all release =
after=20
2.2.0 (2.1.* releases  are vulnerable but should be upgraded anyway).  =
As we do=20
not yet ship  BIND 8, we are also not vulnerable to the 3rd =
vulnerability.  We=20
advise everyone to upgrade to BIND 4.9.7."=20
        from www.cert.org 06/08/98

-----Original Message-----
    From: Greg Quinlan <gquinlan@qmpgmc.ac.uk>
    To: Greg Quinlan <gquinlan@qmpgmc.ac.uk>; =
freebsd-questions@freebsd.org <freebsd-questions@freebsd.org>
    Cc: ronno@blaze.net.au <ronno@blaze.net.au>
    Date: 06 August 1998 10:24
    Subject: Re: MSCAN - named - Vulnerability
   =20
   =20
    This reference may also be useful:
    =20
    ftp://ftp.cert.org/pub/cert_advisories/CA-98.05.bind_problems
   =20
    Basically what version of BIND is FreeBSD using?

------=_NextPart_000_000F_01BDC126.CBABE4C0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD W3 HTML//EN">
<HTML>
<HEAD>

<META content=3Dtext/html;charset=3Diso-8859-1 =
http-equiv=3DContent-Type><!DOCTYPE HTML PUBLIC "-//W3C//DTD W3 =
HTML//EN"><!DOCTYPE HTML PUBLIC "-//W3C//DTD W3 HTML//EN">
<META content=3D'"MSHTML 4.71.1712.3"' name=3DGENERATOR>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT color=3D#000000 size=3D2>Sorry I seem to be answering my own =
questions. I=20
found this extract from the reference</FONT></DIV>
<DIV><FONT color=3D#000000 size=3D2></FONT><FONT size=3D2>I just sent. =
Sorry I'll be=20
quiet now... :)</FONT></DIV>
<DIV><FONT size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT size=3D2>&quot;&lt;!--StartFragment--&gt;<BR>FreeBSD, Inc.-=20
-------------&nbsp; We ship with INVQ not defined. This makes us =
<BR>resistent=20
against the first&nbsp; vulnerability. This is true for all release =
after=20
<BR>2.2.0 (2.1.* releases&nbsp; are vulnerable but should be upgraded=20
anyway).&nbsp; As we do <BR>not yet ship&nbsp; BIND 8, we are also not=20
vulnerable to the 3rd vulnerability.&nbsp; We <BR>advise everyone to =
upgrade to=20
BIND 4.9.7.&quot; </FONT>&nbsp;</DIV>
<DIV><FONT size=3D2></FONT><FONT color=3D#000000=20
size=3D2>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; from <A=20
href=3D"http://www.cert.org">www.cert.org</A>; 06/08/98</FONT></DIV>
<DIV><FONT size=3D2></FONT>&nbsp;</DIV>
<BLOCKQUOTE=20
style=3D"BORDER-LEFT: #000000 solid 2px; MARGIN-LEFT: 5px; PADDING-LEFT: =
5px">
    <DIV><FONT face=3DArial size=3D2><B>-----Original =
Message-----</B><BR><B>From:=20
    </B>Greg Quinlan &lt;<A=20
    =
href=3D"mailto:gquinlan@qmpgmc.ac.uk">gquinlan@qmpgmc.ac.uk</A>&gt;<BR><B=
>To:=20
    </B>Greg Quinlan &lt;<A=20
    href=3D"mailto:gquinlan@qmpgmc.ac.uk">gquinlan@qmpgmc.ac.uk</A>&gt;; =
<A=20
    =
href=3D"mailto:freebsd-questions@freebsd.org">freebsd-questions@freebsd.o=
rg</A>=20
    &lt;<A=20
    =
href=3D"mailto:freebsd-questions@freebsd.org">freebsd-questions@freebsd.o=
rg</A>&gt;<BR><B>Cc:=20
    </B><A href=3D"mailto:ronno@blaze.net.au">ronno@blaze.net.au</A> =
&lt;<A=20
    =
href=3D"mailto:ronno@blaze.net.au">ronno@blaze.net.au</A>&gt;<BR><B>Date:=
=20
    </B>06 August 1998 10:24<BR><B>Subject: </B>Re: MSCAN - named -=20
    Vulnerability<BR><BR></DIV></FONT>
    <DIV><FONT size=3D2>This reference may also be useful:</FONT></DIV>
    <DIV><FONT size=3D2></FONT>&nbsp;</DIV>
    <DIV><FONT size=3D2><A=20
    =
href=3D"ftp://ftp.cert.org/pub/cert_advisories/CA-98.05.bind_problems">ft=
p://ftp.cert.org/pub/cert_advisories/CA-98.05.bind_problems</A></FONT></D=
IV>
    <DIV>&nbsp;</DIV>
    <DIV><FONT color=3D#000000 size=3D2>Basically what version of BIND =
is FreeBSD=20
    using?</FONT></DIV></BLOCKQUOTE></BODY></HTML>

------=_NextPart_000_000F_01BDC126.CBABE4C0--


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?01bdc11e$69e77cc0$380051c2>