From owner-freebsd-security Wed Apr 15 18:24:45 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id SAA22948 for freebsd-security-outgoing; Wed, 15 Apr 1998 18:24:45 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from burka.rdy.com (dima@burka.rdy.com [205.149.163.30]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id SAA22878 for ; Wed, 15 Apr 1998 18:24:32 -0700 (PDT) (envelope-from dima@burka.rdy.com)
Received: by burka.rdy.com id SAA01318; (8.8.8/RDY) Wed, 15 Apr 1998 18:24:28 -0700 (PDT)
Message-Id: <199804160124.SAA01318@burka.rdy.com>
Subject: Re: Any news on this?: CA-98.05 Multiple Vulnerabilities in BIND
In-Reply-To: <199804160029.SAA10227@infowest.com> from "Aaron D. Gifford" at "Apr 15, 98 06:29:36 pm"
To: agifford@infowest.com (Aaron D. Gifford)
Date: Wed, 15 Apr 1998 18:24:28 -0700 (PDT)
Cc: freebsd-security@FreeBSD.ORG
X-Class: Fast
Organization: HackerDome
Reply-To: dima@best.net
From: dima@best.net (Dima Ruban)
X-Mailer: ELM [version 2.4ME+ PL38 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk

Aaron D. Gifford writes:
> Hello,
>
> For some reason, it seems that my subscription to freebsd-security@freebsd.org
> list stuttered and I haven't seen any messages from about Apr. 8th to the 14th.
> I was wondering if anyone during this time mentioned the recent CERT advisory
> regarding BIND 4.9 and 8 issued on the 8th. (I've included a copy below.)

No, I don't think there was any news on this.
The patch for this problem is simple, I'll attach it at the end of this email.
However, there are a bunch of other problems with the current 4.9 version that are
gonna be fixed in the next release (hopefully).

>
> Thanks!
>
> Aaron out.

-- dima

*** /usr/src/contrib/bind/named/LINK/ns_req.c Tue Jul 1 13:55:47 1997 --- ns_req.c Tue Apr 14 13:47:17 1998 *************** *** 1007,1013 **** switch (type) { case T_A: #ifndef INVQ ! if (!fake_iquery) return (Refuse); #endif #ifdef INVQ --- 1007,1013 ---- switch (type) { case T_A: #ifndef INVQ ! if (!fake_iquery || dlen != INT32SZ) return (Refuse); #endif #ifdef INVQ *************** *** 1021,1027 **** dprintf(1, (ddt, "req: IQuery class %d type %d\n", class, type)); fname = (char *)msg + HFIXEDSZ; ! bcopy(fname, anbuf, alen = (char *)*cpp - fname); data = anbuf + alen - dlen; *cpp = (u_char *)fname; *buflenp -= HFIXEDSZ; --- 1021,1030 ---- dprintf(1, (ddt, "req: IQuery class %d type %d\n", class, type)); fname = (char *)msg + HFIXEDSZ; ! alen = (char *)*cpp - fname; ! if ((size_t)alen > sizeof anbuf) ! return (Refuse); ! bcopy(fname, anbuf, alen); data = anbuf + alen - dlen; *cpp = (u_char *)fname; *buflenp -= HFIXEDSZ;
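
Review bot: In the first hunk (line 1007, `case T_A:`), the new `dlen != INT32SZ` test sits inside the `#ifndef INVQ` block, so a build with INVQ defined compiles it out and takes the `#ifdef INVQ` branch, whose body is not shown here. Since the later code computes `data = anbuf + alen - dlen`, the length of an inverse-query T_A record should be validated in both configurations. Consider moving the `dlen != INT32SZ` test out of the conditional, or confirming that the INVQ branch applies the same check, and add a short comment saying that INT32SZ is the only valid RDATA length for an A record.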
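
Review bot: In the second hunk (line 1021), the bound check covers only the upper limit of the copy, while the unchanged line `data = anbuf + alen - dlen;` still trusts that `dlen` is not larger than `alen`; if it is, `data` points before the start of `anbuf`. Extending the test to `if ((size_t)alen > sizeof anbuf || dlen > alen)` would close that case in this hunk rather than relying on the `dlen` test in the earlier one. The `(size_t)` cast is also doing real work here, because a negative pointer difference becomes a very large value and is refused; a one-line comment would keep someone from removing the cast as redundant later.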