From owner-freebsd-questions Thu Aug 6 02:42:51 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id CAA04234 for freebsd-questions-outgoing; Thu, 6 Aug 1998 02:42:51 -0700 (PDT) (envelope-from owner-freebsd-questions@FreeBSD.ORG) Received: from amanda.qmpgmc.ac.uk ([194.81.5.1]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id CAA04223 for ; Thu, 6 Aug 1998 02:42:35 -0700 (PDT) (envelope-from gquinlan@qmpgmc.ac.uk) Received: from dns0.qmpgmc.ac.uk by amanda.qmpgmc.ac.uk (UUNET Amanda using sendmail V8.9.1) id KAA02320; Thu, 6 Aug 1998 10:40:09 +0100 (BST) Received: from greg.qmpgmc.ac.uk (haem_pc) by dns0.qmpgmc.ac.uk (5.x/QMPGMC simple 1.27) id AA06980; Thu, 6 Aug 1998 10:51:57 +0100 Reply-To: "Greg Quinlan" From: "Greg Quinlan" To: "Greg Quinlan" , Cc: Subject: Re: MSCAN - named - Vulnerability Date: Thu, 6 Aug 1998 10:41:40 +0100 Message-Id: <01bdc11e$69e77cc0$380051c2@greg.qmpgmc.ac.uk> Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_000F_01BDC126.CBABE4C0" X-Priority: 3 X-Msmail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.71.1712.3 X-Mimeole: Produced By Microsoft MimeOLE V4.71.1712.3 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG This is a multi-part message in MIME format. ------=_NextPart_000_000F_01BDC126.CBABE4C0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Sorry I seem to be answering my own questions. I found this extract from = the reference I just sent. Sorry I'll be quiet now... :) " FreeBSD, Inc.- ------------- We ship with INVQ not defined. This makes = us=20 resistent against the first vulnerability. This is true for all release = after=20 2.2.0 (2.1.* releases are vulnerable but should be upgraded anyway). = As we do=20 not yet ship BIND 8, we are also not vulnerable to the 3rd = vulnerability. We=20 advise everyone to upgrade to BIND 4.9.7."=20 from www.cert.org 06/08/98 -----Original Message----- From: Greg Quinlan To: Greg Quinlan ; = freebsd-questions@freebsd.org Cc: ronno@blaze.net.au Date: 06 August 1998 10:24 Subject: Re: MSCAN - named - Vulnerability =20 =20 This reference may also be useful: =20 ftp://ftp.cert.org/pub/cert_advisories/CA-98.05.bind_problems =20 Basically what version of BIND is FreeBSD using? ------=_NextPart_000_000F_01BDC126.CBABE4C0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
Sorry I seem to be answering my own = questions. I=20 found this extract from the reference
I just sent. = Sorry I'll be=20 quiet now... :)
 
"<!--StartFragment-->
FreeBSD, Inc.-=20 -------------  We ship with INVQ not defined. This makes us =
resistent=20 against the first  vulnerability. This is true for all release = after=20
2.2.0 (2.1.* releases  are vulnerable but should be upgraded=20 anyway).  As we do
not yet ship  BIND 8, we are also not=20 vulnerable to the 3rd vulnerability.  We
advise everyone to = upgrade to=20 BIND 4.9.7."  
        from www.cert.org 06/08/98
 
-----Original = Message-----
From:=20 Greg Quinlan <gquinlan@qmpgmc.ac.uk>
To:=20 Greg Quinlan <gquinlan@qmpgmc.ac.uk>; = freebsd-questions@freebsd.o= rg=20 <freebsd-questions@freebsd.o= rg>
Cc:=20 ronno@blaze.net.au = <ronno@blaze.net.au>
Date:= =20 06 August 1998 10:24
Subject: Re: MSCAN - named -=20 Vulnerability

This reference may also be useful:
 
ft= p://ftp.cert.org/pub/cert_advisories/CA-98.05.bind_problems
 
Basically what version of BIND = is FreeBSD=20 using?
------=_NextPart_000_000F_01BDC126.CBABE4C0-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message