From owner-freebsd-security  Sun May 12  9:17:22 2002
Delivered-To: freebsd-security@freebsd.org
Received: from forum.lariat.org (forum.lariat.org [12.23.109.3])
	by hub.freebsd.org (Postfix) with ESMTP id 0F02837B401
	for <security@freebsd.org>; Sun, 12 May 2002 09:17:21 -0700 (PDT)
Received: (from brett@localhost)
	by forum.lariat.org (8.9.3/8.9.3) id KAA16441;
	Sun, 12 May 2002 10:17:15 -0600 (MDT)
Date: Sun, 12 May 2002 10:17:15 -0600 (MDT)
From: Brett Glass <brett@forum.lariat.org>
Message-Id: <200205121617.KAA16441@forum.lariat.org>
To: jake@iki.fi, security@freebsd.org
Subject: Re: DHCPD bug
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Jarkko Santala writes:

>Based on the CERT Advisory, it would seem to me that one is only
>vulnerable if dynamic dns updates are enabled. If they're off, I would
>have to think dhcpd doesn't try log any replies from nameservers.

Alas, if the daemon gets a "reply" that isn't really a reply to
anything, it still logs it.

--Brett
/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message