Date: Tue, 21 Jul 1998 14:29:16 +0200 From: Johann Visagie <wjv@cityip.co.za> To: Steve Reid <sreid@alpha.sea-to-sky.net>, freebsd-security@FreeBSD.ORG Subject: Re: /usr/sbin/named Message-ID: <19980721142916.B4361@cityip.co.za> In-Reply-To: <Pine.LNX.3.95.iB1.0.980531235510.7174A-100000@alpha.sea-to-sky.net>; from Steve Reid on Sun, May 31, 1998 at 11:56:23PM -0700 References: <Pine.LNX.3.95.iB1.0.980531235510.7174A-100000@alpha.sea-to-sky.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 31 May 1998 at 23:56 SAT, Steve Reid wrote: > > Is /usr/sbin/named as distributed with FreeBSD 2.2.6-RELEASE vulnerable > to known exploits? If it had been vulnerable you would've been hacked already. :-) There was widespread exploitation of that hole, especially after the release of mscan. >From what I can establish, no recent versions of FreeBSD are vulnerable OOTB, since the named is /not/ compiled with inverse queries enabled by default. I've tried the exploit on a number of machines to no avail. (Oh the other hand, many RedHat Linux machines are vulnerable, depending on which version of RedHat's named RPM is installed.) -- V Johann Visagie | Email: wjv@CityIP.co.za | Tel: +27 21 419-7878 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19980721142916.B4361>