From owner-freebsd-security Mon Jan 29 17:38:31 2001 Delivered-To: freebsd-security@freebsd.org Received: from xgate4.sd.co.nz (ns.netxsecure.com [210.55.57.156]) by hub.freebsd.org (Postfix) with ESMTP id BF64237B400 for ; Mon, 29 Jan 2001 17:38:12 -0800 (PST) Received: from netxsecure.net (xmgate-172-2.sd.co.nz [172.16.30.2]) by xgate4.sd.co.nz (8.11.0/8.11.0) with ESMTP id f0U1xxE15062; Tue, 30 Jan 2001 14:59:59 +1300 (NZDT) Message-ID: <3A761E44.1E7306FB@netxsecure.net> Date: Tue, 30 Jan 2001 14:52:04 +1300 From: "Michael A. Williams" X-Mailer: Mozilla 4.75 [en] (X11; U; Linux 2.2.5-22 i586) X-Accept-Language: en MIME-Version: 1.0 To: Matt@netxsecure.net, Dillon@netxsecure.net Cc: freebsd-security@FreeBSD.ORG Subject: Re: [COVERT-2001-01] Multiple Vulnerabilities in BIND - FreeBSDImplications ? References: <200101300108.f0U18MO81199@earth.backplane.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Archived: msg.Arcx4874@xgate4 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Matt Dillon wrote: > > Ok, I'm really confused now. I am currently running 8.2.3-T6B. > > Do I need to upgrade or am I ok? If I need to upgrade, is the patch > in the tree now or do I need to wait? > Hi Matt, According to: Subject: [COVERT-2001-01] Multiple Vulnerabilities in BIND Date: Mon, 29 Jan 2001 06:31:55 -0800 From: COVERT Labs To: BUGTRAQ@SECURITYFOCUS.COM Vulnerable Systems BIND 8 versions: 8.2, 8.2.1 8.2.2 through to 8.2.2-P7 8.2.3-T1A through to 8.2.3-T9B <--- 8.2.3-T6B fits in here. BIND 4 versions: buffer overflow - 4.9.5 through to 4.9.7 format string - 4.9.3 through to 4.9.5-P1 You are vulnerable and do need to upgrade. Mike. -- Michael A. Williams, InfoSec Technology Manager NetXSecure NZ Limited, mike@netxsecure.net www.netxsecure.com Ph.+64.9.278.8348, Fax.+64.9.278.8352, Mob.+64.21.995.914 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message