From owner-freebsd-security Mon Mar 6 13:14:27 2000 Delivered-To: freebsd-security@freebsd.org Received: from dt051n0b.san.rr.com (dt051n0b.san.rr.com [204.210.32.11]) by hub.freebsd.org (Postfix) with ESMTP id 00F9737BF72 for ; Mon, 6 Mar 2000 13:14:25 -0800 (PST) (envelope-from Doug@gorean.org) Received: from slave (doug@slave [10.0.0.1]) by dt051n0b.san.rr.com (8.9.3/8.9.3) with ESMTP id NAA15151; Mon, 6 Mar 2000 13:14:19 -0800 (PST) (envelope-from Doug@gorean.org) Date: Mon, 6 Mar 2000 13:14:19 -0800 (PST) From: Doug Barton X-Sender: doug@dt051n0b.san.rr.com To: Dirk.Nerling@pdv.de Cc: freebsd-security@FreeBSD.ORG Subject: Re: FreeBSD 2.2.6 and CA-99-14 ??? In-Reply-To: <6CC81B07CB44D311A1D20001FA7E9956115089@exchange.pdv.de> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, 6 Mar 2000 Dirk.Nerling@pdv.de wrote: > Hello, > > does anybody of you know something about the BIND problem mentioned in > CA-99-14 and FreeBSD 2.2.6? Are there any vulnerabilities? > best regards Dirk Freebsd 2.2.6 is old, has some bugs, and may present a security risk to your site. BIND 4 is ancient, definitely has some bugs, and definitely DOES present a security risk to your site. You should immediately make plans to upgrade FreeBSD to 3.4-Release which comes with BIND 8. You should probably also upgrade to BIND 8.2.2p5 after you've gotten your new installation squared away. Good luck, Doug -- "Welcome to the desert of the real." - Laurence Fishburne as Morpheus, "The Matrix" To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message