Date: Thu, 6 Aug 1998 13:42:29 +0100 From: "Greg Quinlan" <gquinlan@qmpgmc.ac.uk> To: "Neil Blakey-Milner" <nbm@rucus.ru.ac.za>, <freebsd-questions@FreeBSD.ORG> Subject: Re: MSCAN - named - Vulnerability Message-ID: <01bdc137$ac8b1500$380051c2@greg.qmpgmc.ac.uk>
next in thread | raw e-mail | index | archive | help
Since I am running a live DNS I have grabbed bind 4.9.7 for reasons listed below in quotes. I obtained the update directly from the source: http://www.isc.org/bind.html (released 11 May 1998) "FreeBSD, Inc.- ------------- We ship with INVQ not defined. This makes us resistent against the first vulnerability. This is true for all release after 2.2.0 (2.1.* releases are vulnerable but should be upgraded anyway). As we do not yet ship BIND 8, we are also not vulnerable to the 3rd vulnerability. We advise everyone to upgrade to BIND 4.9.7." compiled it! stripped named! and installed it... it appears to be running better than ever. I may try bind 8 on a development machine later!! Greg -----Original Message----- From: Neil Blakey-Milner <nbm@rucus.ru.ac.za> To: Greg Quinlan <gquinlan@qmpgmc.ac.uk>; freebsd-questions@freebsd.org <freebsd-questions@freebsd.org> Cc: ronno@blaze.net.au <ronno@blaze.net.au> Date: 06 August 1998 13:12 Subject: Re: MSCAN - named - Vulnerability >On Thu 1998-08-06 (09:48), Greg Quinlan wrote: >> This is a reference for futher reading: >> >> http://www.ja.net/CERT/CERT-CC/cert_advisories/CA-98.05.bind_problems >> >> Is FreeBSD 2.2.5 vulnerable to the named/bind overflow hack! > >As far as my experience, the exploit didn't seem to work on my machine >personally, but it did knock over my named, which also means trouble. > >You should update your named, preferably to bind 8.1.2 (I think). > >Use cvsup to update your ports directory (or just ports/net), and >type make install. Comes with a converter from bind4 named.boot to >bind8's named.conf. (I'm not too sure about update paths for bind4) > >Neil >-- >Neil Blakey-Milner >nbm@rucus.ru.ac.za > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?01bdc137$ac8b1500$380051c2>