Date:      Sat, 29 Jun 2002 13:35:30 +1000
From:      Mark.Andrews@isc.org
To:        Brett Glass <brett@lariat.org>
Cc:        security@FreeBSD.ORG
Subject:   Re: libc flaw: BIND 9 closes most holes but also opens one 
Message-ID:  <200206290335.g5T3ZUm0059814@drugs.dv.isc.org>
In-Reply-To: Your message of "Fri, 28 Jun 2002 16:59:25 CST." <200206282259.QAA03790@lariat.org> 


> I've installed BIND 9 on our main domain name server to shield systems
> (including Windows boxes, which may be vulnerable) from the libc hole.
> Unfortunately, according to ISC, BIND 9 comes with a version of
> libbind that's vulnerable. (See http://www.cert.org/advisories/CA-2002-19.html.)
> So, if you load up BIND 9 and an app that uses it (such as Sendmail) links
> to the vulnerable libbind, you're still exposed.
> 
> This problem may take even longer to mop up than I first thought (and I was
> pessimistic to start with). I was slated to build a new server today, but
> since 4.6-RELEASE-p1 isn't yet up on the Japanese snapshot server yet,
> I think I'll wait.
> 
> --Brett
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

	Firstly lib/bind is *not* built by default.  You have to
	explicitly build it with "configure --enable-libbind".

	"libbind" is a *copy* of BIND 8's libbind which *is* fixed
	in 8.2.6 and 8.3.3.

	So don't enable libbind and if you have installed libbind from
	BIND 9, get one of the above BIND 8 releases and install their
	libbind.

	Mark
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews@isc.org
