Date:      03 Jul 2002 03:18:28 +0200
From:      Dag-Erling Smorgrav <des@ofug.org>
To:        Matthew Dillon <dillon@apollo.backplane.com>
Cc:        "Peter Brezny" <peter@skyrunner.net>, <freebsd-security@FreeBSD.ORG>
Subject:   Re: CERT Advisory CA-2002-18 OpenSSH Vulnerabilities in Challenge Response
Message-ID:  <xzpbs9p8v8b.fsf@flood.ping.uio.no>
In-Reply-To: <200207030109.g6319Ufb008965@apollo.backplane.com>
References:  <NEBBIGLHNDFEJMMIEGOOGEHGFCAA.peter@skyrunner.net> <xzpk7od8vwt.fsf@flood.ping.uio.no> <200207030109.g6319Ufb008965@apollo.backplane.com>

Matthew Dillon <dillon@apollo.backplane.com> writes:
>     My question is simple:  Is the named in -stable currently vulnerable or
>     has it been fixed?  I know the port is fixed.  What about the named
>     sitting in -stable?

As far as I know, named itself is not vulnerable, but libbind contains
the bug, and software that uses libbind's gethost*() (nothing in the
base system does) is vulnerable.

DES
-- 
Dag-Erling Smorgrav - des@ofug.org
