Date: Wed, 23 Apr 1997 10:15:30 +0000 (GMT) From: The Code Warrior <jbowie@bsdnet.org> To: Dmitry Valdov <dv@kis.ru> Cc: freebsd-security@FreeBSD.ORG Subject: Re: SNI-12: BIND Vulnerabilities and Solutions (fwd) Message-ID: <Pine.BSF.3.96.970423100818.1014A-100000@utopia.nh.ultranet.com> In-Reply-To: <Pine.BSF.3.95q.970422231144.12297A-100000@xkis.kis.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 22 Apr 1997, Dmitry Valdov wrote: > Hello! > > Is fbsd 2.2.1 vulnerable? If yes are there any patches available specially > for FreeBSD? > > Well, I would have to say it is definitely vulnerable to the first prob- lem presented, as the BIND code is all the same, and the 2.2.1 release has a BIND distro which falls within the version constraints of the exploit, that it would have to be vulnerable. The second vulnerability however might not apply to us. I haven't checked the gethostby* libs, so I'm not sure if the resolver does internal bounds checking, rather than just letting you overflow the stack with a spoofed DNS name. I will look into it this afternoon. -Jon Bowie SysAdmin / Consulting / TeenSysop. 603-436-5698 jbowie@bsdnet.org "...And I still believe that I can not be saved." -Billy Corgan
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.970423100818.1014A-100000>