Re: Bind: FreeBSD-SA-01:10 and CERT Advisory CA-2001-02

From: Kris Kennaway (kris@obsecurity.org)
Date: 01/29/01


Date: Mon, 29 Jan 2001 11:48:09 -0800
From: Kris Kennaway <kris@obsecurity.org>
To: Igor Roshchin <str@giganda.komkon.org>


On Mon, Jan 29, 2001 at 11:29:51AM -0500, Igor Roshchin wrote:

> My COMMENT:
> -------
> This is not true, because 4.0-RELEASE was shipped with
> named 8.2.2-P5-NOESW Mon Mar 20 20:43:54 GMT 2000
> root@monster.cdrom.com:/usr/obj/usr/src/usr.sbin/named
> Thus, the statement in the advisory in question might be
> at least misleading.

Hmm, oops. I'll update it.

> Therefore :
> My question:
> Is 8.2.2-P5-NOESW (shipped with 4.0-RELEASE) vulnerable to
> a) the problem described in FreeBSD-SA-01:10

Sounds like.

> b) the problem described in CERT Advisory CA-2001-02
> (Multiple Vulnerabilities in BIND), VU#196945 (see that advisory
> at the bottom of this message).

No, that's a new problem we found out about a few days ago. Ain't
software great?

An advisory will be forthcoming.

Kris



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message