Date: Mon, 01 Jun 1998 08:11:44 -0700 From: Cy Schubert - ITSD Open Systems Group <cschuber@uumail.gov.bc.ca> To: Steve Reid <sreid@alpha.sea-to-sky.net> Cc: freebsd-security@FreeBSD.ORG Subject: Re: /usr/sbin/named Message-ID: <199806011512.IAA29510@passer.osg.gov.bc.ca> In-Reply-To: Your message of "Sun, 31 May 1998 23:56:23 PDT." <Pine.LNX.3.95.iB1.0.980531235510.7174A-100000@alpha.sea-to-sky.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Named under FreeBSD is not compiled with inverse query. Out-of-the-box FreeBSD should be impervious to this attack. Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 Open Systems Group Internet: cschuber@uumail.gov.bc.ca ITSD Cy.Schubert@gems8.gov.bc.ca Government of BC > Is /usr/sbin/named as distributed with FreeBSD 2.2.6-RELEASE vulnerable > to known exploits? > > Strings shows the version as 4.9.6-REL and a recent Bugtraq post listed > this version as exploitable. However, although the _version_ is the same > between my 2.2.6-RELEASE and 2.2.5-RELEASE machines, the _dates_ are > different. Is /usr/sbin/named in 2.2.6-RELEASE fixed? > > Also... Is there any reason for this daemon to run as root, other than > binding to port 53? Would it be possible and reasonable to patch it to > give up root after binding to the port? > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199806011512.IAA29510>