Re: Bind: FreeBSD-SA-01:10 and CERT Advisory CA-2001-02

From: Kris Kennaway (
Date: 01/29/01

Date: Mon, 29 Jan 2001 11:48:09 -0800
From: Kris Kennaway <>
To: Igor Roshchin <>

On Mon, Jan 29, 2001 at 11:29:51AM -0500, Igor Roshchin wrote:

> -------
> This is not true, because 4.0-RELEASE was shipped with
> named 8.2.2-P5-NOESW Mon Mar 20 20:43:54 GMT 2000
> Thus, the statement in the advisory in question might be
> at least misleading.

Hmm, oops. I'll update it.

> Therefore :
> My question:
> Is 8.2.2-P5-NOESW (shipped with 4.0-RELEASE) vulnerable to
> a) the problem described in FreeBSD-SA-01:10

Sounds like.

> b) the problem described in CERT Advisory CA-2001-02
> (Multiple Vulnerabilities in BIND), VU#196945 (see that advisory
> at the bottom of this message).

No, that's a new problem we found out about a few days ago. Ain't
software great?

An advisory will be forthcoming.


To Unsubscribe: send mail to
with "unsubscribe freebsd-security" in the body of the message