From owner-freebsd-security Thu Nov 9 10:26:37 2000 Delivered-To: freebsd-security@freebsd.org Received: from delivery.insweb.com (delivery.insweb.com [12.16.212.64]) by hub.freebsd.org (Postfix) with ESMTP id 0EA8C37B479 for ; Thu, 9 Nov 2000 10:26:36 -0800 (PST) Received: from ursine.com (dhcp4-202.secure.insweb.com [192.168.4.202]) by delivery.insweb.com (8.9.2/8.9.3) with ESMTP id KAA08064; Thu, 9 Nov 2000 10:26:20 -0800 (PST) (envelope-from fbsd-secure@ursine.com) Message-ID: <3A0AEC4C.6778898B@ursine.com> Date: Thu, 09 Nov 2000 10:26:20 -0800 From: Michael Bryan X-Mailer: Mozilla 4.76 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: Justin Stanford Cc: freebsd-security@FreeBSD.ORG Subject: Re: DOS vulnerability in BIND 8.2.2-P5 References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Justin Stanford wrote: > > I could not get my 4.1.1-STABLE machine's named to crash no matter what I > did. Reports indicate any of the 4.x-STABLE branch are not vulnerable. Yes, 4.x (from at least 4.1-RELEASE on) uses BIND 8.2.3-T5B, which does not appear to be vulnerable. I'm not sure what version of BIND was in the various 3.x FreeBSD releases, but I think 8.1.2 was on many of them, and a lot of people have upgraded to BIND 8.2.2-P5 on those systems as well. (I haven't heard yet if 8.1.2 is vulnerable to this DOS vulnerability). To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message