Date: Tue, 2 Jul 2002 21:24:22 -0400
From: Peter Radcliffe <pir@pir.net>
To: freebsd-security@FreeBSD.ORG
Subject: Re: CERT Advisory CA-2002-18 OpenSSH Vulnerabilities in Challenge Response
Message-ID: <20020703012422.GC9314@pir.net>
In-Reply-To: <xzpbs9p8v8b.fsf@flood.ping.uio.no>
References: <NEBBIGLHNDFEJMMIEGOOGEHGFCAA.peter@skyrunner.net> <xzpk7od8vwt.fsf@flood.ping.uio.no> <200207030109.g6319Ufb008965@apollo.backplane.com> <xzpbs9p8v8b.fsf@flood.ping.uio.no>

Dag-Erling Smorgrav <des@ofug.org> probably said:
> As far as I know, named itself is not vulnerable, but libbind contains
> the bug, and software that uses libbind's gethost*() (nothing in the
> base system does) is vulnerable.

Does -STABLE's /usr/bin/dig, host, etc, not use libbind, then? strings
on the binary suggests otherwise.

\pir
--
pir    pir-sig@pir.net    pir-sig@net.tufts.edu