From owner-freebsd-security Wed Nov 10 17:51:15 1999 Delivered-To: freebsd-security@freebsd.org Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id 9519314E70 for ; Wed, 10 Nov 1999 17:51:13 -0800 (PST) (envelope-from robert@cyrus.watson.org) Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.9.3/8.9.3) with SMTP id UAA30553; Wed, 10 Nov 1999 20:51:12 -0500 (EST) (envelope-from robert@cyrus.watson.org) Date: Wed, 10 Nov 1999 20:51:11 -0500 (EST) From: Robert Watson X-Sender: robert@fledge.watson.org Reply-To: Robert Watson To: Mike Tancsa Cc: freebsd-security@FreeBSD.ORG Subject: Re: BIND NXT Bug Vulnerability In-Reply-To: <4.1.19991110202719.04c5ee30@granite.sentex.ca> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, 10 Nov 1999, Mike Tancsa wrote: > At 08:25 PM 11/10/99 , Robert Watson wrote: > >3.3-RELEASE appears to use 8.1.2, which I believe is not vulnerable. My > >understanding is that this bug was introduced in 8.2.* of BIND. Please > >correct me if I am wrong. > > Actually, the initial posting to bugtraq only shows some of the picture. > There are in fact 6 bugs listed on the given URL, So 3.3-RELEASE is vulnerable to DOS, and not vulnerable to the remote access attack. Which is nice, but not ideal :-). Unfortunately, I wouldn't happen to be committer, so I wouldn't be commiting that one. :-) Robert N M Watson robert@fledge.watson.org http://www.watson.org/~robert/ PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1 TIS Labs at Network Associates, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message