From owner-freebsd-security Mon Jun 1 05:32:18 1998
Date: Mon, 1 Jun 1998 08:31:59 -0400 (EDT)
From: Mike
To: Steve Reid
cc: freebsd-security@FreeBSD.ORG
Subject: Re: /usr/sbin/named

On Sun, 31 May 1998, Steve Reid wrote:

> Strings shows the version as 4.9.6-REL and a recent Bugtraq post listed
> this version as exploitable. However, although the _version_ is the same

The versions the Bugtraq post lists as vulnerable are vulnerable if you
are using the named.boot/conf options mentioned. If you're not using
these options, you are not vulnerable.

My 2.2.6-REL box was running a "vulnerable version", but was not
"vulnerable" since I didn't accept fake queries, etc. I've since
upgraded to 8.1.2-T3B.

You could re-compile with certain compile-time options unset (as
mentioned in the post), upgrade to 4.9.7 or 8.1.2, or not worry about
this at all if you are not using the named.boot/conf settings that allow
your system to be vulnerable.

later,
Mike