From owner-freebsd-security Tue Nov 19 14:50:42 1996 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id OAA12447 for security-outgoing; Tue, 19 Nov 1996 14:50:42 -0800 (PST) Received: from dark.sinister.com (security@sinister.tiac.net [206.119.18.34]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id OAA12426; Tue, 19 Nov 1996 14:50:34 -0800 (PST) Received: from localhost (security@localhost) by dark.sinister.com (8.8.2/8.6.9) with SMTP id RAA15677; Tue, 19 Nov 1996 17:48:16 -0500 Date: Tue, 19 Nov 1996 17:48:11 -0500 (EST) From: Security Officer To: "S(pork)" cc: freebsd-security@freebsd.org, freebsd-questions@freebsd.org Subject: Re: Serious BIND resolver problem. (fwd) In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk On Tue, 19 Nov 1996, S(pork) wrote: > >From your friendly neighborhood paranoia victim comes yet another loaded > question... > > I got this little advisory (thankfully without an exploit) today, and it's > got me all worried. It's a problem in the whole gethostbyname call that > allows (supposedly) local and remote users to gain root access using a > variety of programs that rely on the gethostbyname call. So I downloaded > BIND-4.9.3-REL which fixes all of this; and then I read the README in the I think you want 4.9.5 > > ---------- Forwarded message ---------- > Date: Mon, 18 Nov 1996 22:54:03 -0700 > From: Oliver Friedrichs > To: Multiple recipients of list BUGTRAQ > Subject: Serious BIND resolver problem. > > > We recommend upgrading to the latest release of BIND which solves this > problem due to the incorporation of IPv6 address support. > > The latest official release of BIND is availible at: > > ftp.vix.com in the directory /pub/bind/release/4.9.5 > > --Dr. Who System Administrator Sinister Networks