Date: Mon, 01 Jun 1998 08:11:44 -0700 From: Cy Schubert - ITSD Open Systems Group <cschuber@uumail.gov.bc.ca> To: Steve Reid <sreid@alpha.sea-to-sky.net> Cc: freebsd-security@FreeBSD.ORG Subject: Re: /usr/sbin/named Message-ID: <199806011512.IAA29510@passer.osg.gov.bc.ca> In-Reply-To: Your message of "Sun, 31 May 1998 23:56:23 PDT." <Pine.LNX.3.95.iB1.0.980531235510.7174A-100000@alpha.sea-to-sky.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Named under FreeBSD is not compiled with inverse query. Out-of-the-box
FreeBSD should be impervious to this attack.
Regards, Phone: (250)387-8437
Cy Schubert Fax: (250)387-5766
Open Systems Group Internet: cschuber@uumail.gov.bc.ca
ITSD Cy.Schubert@gems8.gov.bc.ca
Government of BC
> Is /usr/sbin/named as distributed with FreeBSD 2.2.6-RELEASE vulnerable
> to known exploits?
>
> Strings shows the version as 4.9.6-REL and a recent Bugtraq post listed
> this version as exploitable. However, although the _version_ is the same
> between my 2.2.6-RELEASE and 2.2.5-RELEASE machines, the _dates_ are
> different. Is /usr/sbin/named in 2.2.6-RELEASE fixed?
>
> Also... Is there any reason for this daemon to run as root, other than
> binding to port 53? Would it be possible and reasonable to patch it to
> give up root after binding to the port?
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe security" in the body of the message
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199806011512.IAA29510>