Date: Tue, 24 Jul 2007 17:20:44 -0700 From: Doug Barton <dougb@FreeBSD.org> To: "Simon L. Nielsen" <simon@FreeBSD.org>, freebsd-security@FreeBSD.org, FreeBSD Security Team <security-team@FreeBSD.org> Cc: FreeBSD Questions <freebsd-questions@freebsd.org>, Jeffrey Goldberg <jeffrey@goldmark.org> Subject: Re: Waiting for BIND security announcement Message-ID: <46A6975C.6000201@FreeBSD.org> In-Reply-To: <20070724234636.GA6738@zaphod.nitro.dk> References: <ADFAAD97-8DF7-4589-8046-843F7F36A600@goldmark.org> <20070724234636.GA6738@zaphod.nitro.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
Simon L. Nielsen wrote: > [freebsd-security@ CC'ed to avoid answering the same there again > shorly :) - if following up, please drop either freebsd-questions or > freebsd-securiy to avoid "spamming" both lists] > > On 2007.07.24 18:15:43 -0500, Jeffrey Goldberg wrote: > >> As I'm sure many people know there is a newly discovered BIND vulnerability >> allowing cache injection (pharming). See I think it's worth pointing out that cache injection and pharming are not the same thing, although cache injection can be used as part of a pharming attack. I also think it's worth noting that this isn't an "all your queries are belong to us" type of attack. The attack involves _predicting_ query id numbers which at _best_ will be successful only once in 16 tries. Then you have to actually time it right so that you can use your guess. Still, it is worth upgrading to avoid this issue. >> http://www.isc.org/index.pl?/sw/bind/bind-security.php >> >> for details. >> >> The version of bind on 6.2, 9.3.3, RELENG_6 was updated shortly after the release of 9.3.4. I'll be updating RELENG_[56] with the new 9.3.4-P1 version after I'm done regression testing it, which should be some time tonight. Same for updating HEAD with 9.4.1-P1. The ports for bind9 and bind94 are already updated, so those with urgent needs can use that route to upgrade immediately. hope this helps, Doug -- This .signature sanitized for your protection
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?46A6975C.6000201>