Re: FreeBSD Security Advisory FreeBSD-SA-02:28.resolv

From: Brett Glass (brett@lariat.org)
Date: 06/26/02

Next message: Travis Cole: "Re: OpenSSH Advisory (was Re: Much ado about nothing.)"
Previous message: Brett Glass: "Re: FreeBSD Security Advisory FreeBSD-SA-02:28.resolv"
In reply to: H. Wade Minter: "Re: FreeBSD Security Advisory FreeBSD-SA-02:28.resolv"
Next in thread: The Anarcat: "Re: FreeBSD Security Advisory FreeBSD-SA-02:28.resolv"
Reply: The Anarcat: "Re: FreeBSD Security Advisory FreeBSD-SA-02:28.resolv"
Reply: Brian Behlendorf: "Re: FreeBSD Security Advisory FreeBSD-SA-02:28.resolv"
Reply: Doug Barton: "Re: FreeBSD Security Advisory FreeBSD-SA-02:28.resolv"
Reply: H. Wade Minter: "Re: FreeBSD Security Advisory FreeBSD-SA-02:28.resolv"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 26 Jun 2002 14:37:27 -0600
To: "H. Wade Minter" <minter@lunenburg.org>, freebsd-security@freebsd.org
From: Brett Glass <brett@lariat.org>

At 01:26 PM 6/26/2002, H. Wade Minter wrote:

>So am I correct in assuming that this fix requires a complete system
>rebuild (make buildworld) as opposed to just rebuilding a particular
>module?

Worse than that. Every package or port must be reinstalled
or rebuilt too. Ditto everything you've built from source.
Basically, the entire system must be ripped up by the roots.

This is scary.

There may be one mitigating factor, though. Suppose you
block direct DNS to and from the outside world, allowing
your systems to resolve names only through a DNS server
on your own network that you know is safely patched.
Will this hold off the hordes at the gates? Or is there
a way for a malicious response to sneak through anyway
(as with DNS cache poisoning)?

Also, is the DNS cache in Squid vulnerable?

--Brett

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Next message: Travis Cole: "Re: OpenSSH Advisory (was Re: Much ado about nothing.)"
Previous message: Brett Glass: "Re: FreeBSD Security Advisory FreeBSD-SA-02:28.resolv"
In reply to: H. Wade Minter: "Re: FreeBSD Security Advisory FreeBSD-SA-02:28.resolv"
Next in thread: The Anarcat: "Re: FreeBSD Security Advisory FreeBSD-SA-02:28.resolv"
Reply: The Anarcat: "Re: FreeBSD Security Advisory FreeBSD-SA-02:28.resolv"
Reply: Brian Behlendorf: "Re: FreeBSD Security Advisory FreeBSD-SA-02:28.resolv"
Reply: Doug Barton: "Re: FreeBSD Security Advisory FreeBSD-SA-02:28.resolv"
Reply: H. Wade Minter: "Re: FreeBSD Security Advisory FreeBSD-SA-02:28.resolv"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: error with config Current kernel file
... On 2004-05-26, sam wrote: ... > buildworld" try to fix the problem. ... This error comes because you didn't follow the right steps to rebuild ...
(comp.unix.bsd.freebsd.misc)
Re: FreeBSD Security Advisory FreeBSD-SA-02:28.resolv
... On Wed, 26 Jun 2002, Brett Glass wrote: ... >>So am I correct in assuming that this fix requires a complete system ... >>rebuild (make buildworld) as opposed to just rebuilding a particular ...
(FreeBSD-Security)
Re: FreeBSD Security Advisory FreeBSD-SA-02:28.resolv
... >>So am I correct in assuming that this fix requires a complete system ... >>rebuild (make buildworld) as opposed to just rebuilding a particular ... Every package that is statically linked against libc, ...
(FreeBSD-Security)
Re: problem with 200GB hard drive
... > the partition and then run mkfs.ext3 and format the partition, ... - add patch from Dave Jones ... - fix error message, do block size checking on s390 only ... - automated rebuild ...
(Fedora)
Re: Am I as smart as a SA 200?
... If I can buy these locally, I can fix them up, and make some ... considering buying one of these machines, ... As you develop a regular business and word gets around, ... suspect you will find the price of old machines to rebuild will rise. ...
(sci.engr.joining.welding)