Date: Sun, 18 Feb 2001 15:25:14 -0800 From: Kris Kennaway <kris@obsecurity.org> To: Ng Pheng Siong <ngps@post1.com> Cc: security@FreeBSD.ORG Subject: Re: Base system with gcc stack-smashing protector Message-ID: <20010218152514.A37519@mollari.cthul.hu> In-Reply-To: <20010218151005.B424@madcap.dyndns.org>; from ngps@post1.com on Sun, Feb 18, 2001 at 03:10:05PM %2B0800 References: <20001117154551.A77867@citusc17.usc.edu> <20010216182625I.etoh@trl.ibm.com> <20010218151005.B424@madcap.dyndns.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--Dxnq1zWXvFF0Q93v Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, Feb 18, 2001 at 03:10:05PM +0800, Ng Pheng Siong wrote: > On Fri, Feb 16, 2001 at 06:26:25PM +0900, Hiroaki Etoh wrote: > > We confirmed the protected system blocked the bind TSIG exploit which is > > announced from CERT, 31 Jan, 2001. >=20 > Hmmm, is an exploit in the wild? Are servers being probed actively? >=20 > I've been hearing people say no exploit has turned up yet. Yes, an exploit has been publically distributed for several weeks, and judging by the number of reports of people with old versions of BIND having it suddenly crash, it is actively being used. Kris --Dxnq1zWXvFF0Q93v Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE6kFnaWry0BWjoQKURAkimAJ0eaVHkYbdagjIZfU33M3o9pfmB/gCdGtbf inlOkIUQ7vTwQtkE8rg/z5c= =Lbm6 -----END PGP SIGNATURE----- --Dxnq1zWXvFF0Q93v-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010218152514.A37519>