From owner-freebsd-security Wed Nov 10 17:29:31 1999 Delivered-To: freebsd-security@freebsd.org Received: from sand2.sentex.ca (sand2.sentex.ca [209.167.248.3]) by hub.freebsd.org (Postfix) with ESMTP id 4CBDE14DA6 for ; Wed, 10 Nov 1999 17:29:22 -0800 (PST) (envelope-from mike@sentex.net) Received: from gravel (ospf-mdt.sentex.net [205.211.164.81]) by sand2.sentex.ca (8.8.8/8.8.8) with SMTP id UAA14202; Wed, 10 Nov 1999 20:29:13 -0500 (EST) (envelope-from mike@sentex.net) Message-Id: <4.1.19991110202719.04c5ee30@granite.sentex.ca> X-Sender: mdtancsa@granite.sentex.ca X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1 Date: Wed, 10 Nov 1999 20:29:34 -0500 To: Robert Watson From: Mike Tancsa Subject: Re: BIND NXT Bug Vulnerability Cc: freebsd-security@FreeBSD.ORG In-Reply-To: References: <4.1.19991110194035.04c62100@granite.sentex.ca> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 08:25 PM 11/10/99 , Robert Watson wrote: >3.3-RELEASE appears to use 8.1.2, which I believe is not vulnerable. My >understanding is that this bug was introduced in 8.2.* of BIND. Please >correct me if I am wrong. Actually, the initial posting to bugtraq only shows some of the picture. There are in fact 6 bugs listed on the given URL, e.g. Name: "solinger bug" Versions affected: 8.1, 8.1.1, 8.1.2, 8.2, 8.2 patchlevel 1, 8.2.1 Severity: SERIOUS Exploitable: Remotely Type: Denial of service ---Mike ********************************************************************** Mike Tancsa, Network Admin * mike@sentex.net Sentex Communications Corp, * http://www.sentex.net/mike Cambridge, Ontario * 01.519.651.3400 Canada * To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message