Re: FreeBSD Security Advisory FreeBSD-SA-02:28.resolv

From: Brett Glass (
Date: 06/26/02

Date: Wed, 26 Jun 2002 14:37:27 -0600
To: "H. Wade Minter" <>,
From: Brett Glass <>

At 01:26 PM 6/26/2002, H. Wade Minter wrote:

>So am I correct in assuming that this fix requires a complete system
>rebuild (make buildworld) as opposed to just rebuilding a particular

Worse than that. Every package or port must be reinstalled
or rebuilt too. Ditto everything you've built from source.
Basically, the entire system must be ripped up by the roots.

This is scary.

There may be one mitigating factor, though. Suppose you
block direct DNS to and from the outside world, allowing
your systems to resolve names only through a DNS server
on your own network that you know is safely patched.
Will this hold off the hordes at the gates? Or is there
a way for a malicious response to sneak through anyway
(as with DNS cache poisoning)?

Also, is the DNS cache in Squid vulnerable?


To Unsubscribe: send mail to
with "unsubscribe freebsd-security" in the body of the message