Date: Wed, 23 Apr 1997 10:15:30 +0000 (GMT) From: The Code Warrior <jbowie@bsdnet.org> To: Dmitry Valdov <dv@kis.ru> Cc: freebsd-security@FreeBSD.ORG Subject: Re: SNI-12: BIND Vulnerabilities and Solutions (fwd) Message-ID: <Pine.BSF.3.96.970423100818.1014A-100000@utopia.nh.ultranet.com> In-Reply-To: <Pine.BSF.3.95q.970422231144.12297A-100000@xkis.kis.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 22 Apr 1997, Dmitry Valdov wrote:
> Hello!
>
> Is fbsd 2.2.1 vulnerable? If yes are there any patches available specially
> for FreeBSD?
>
>
Well, I would have to say it is definitely vulnerable to the first prob-
lem presented, as the BIND code is all the same, and the 2.2.1 release has
a BIND distro which falls within the version constraints of the exploit, that
it would have to be vulnerable. The second vulnerability however might not
apply to us. I haven't checked the gethostby* libs, so I'm not sure if the
resolver does internal bounds checking, rather than just letting you overflow
the stack with a spoofed DNS name. I will look into it this afternoon.
-Jon Bowie
SysAdmin / Consulting / TeenSysop.
603-436-5698 jbowie@bsdnet.org
"...And I still believe that I can not be saved."
-Billy Corgan
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.970423100818.1014A-100000>