Re: libc flaw: BIND 9 closes most holes but also opens one

From: Brett Glass (brett@lariat.org)
Date: 06/29/02

• Next message: Brett Glass: "Re: libc resolver fix: can we applied to 3-stable or before?"
• Previous message: Scott M. Nolde: "Re: openssh 3.4p1 ports installation fails"
• In reply to: Mark.Andrews@isc.org: "Re: libc flaw: BIND 9 closes most holes but also opens one"
• Next in thread: Doug Barton: "Re: libc flaw: BIND 9 closes most holes but also opens one"
• Reply: Doug Barton: "Re: libc flaw: BIND 9 closes most holes but also opens one"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Sat, 29 Jun 2002 12:34:55 -0600
To: Mark.Andrews@isc.org
From: Brett Glass <brett@lariat.org>

At 09:35 PM 6/28/2002, Mark.Andrews@isc.org wrote:

> Firstly lib/bind is *not* built by default. You have to
> explictly build it with "configure --enable-libbind".

If that's so, you may still have an old libbind on your system
which is vulnerable. ONLY the libbind from 8.3.3 is immune.

> "libbind" is a *copy* of BIND 8's libbind which *is* fixed
> in 8.2.6 and 8.3.3.

Only in 8.3.3, according to ISC. BIND 9.2.1's libbind is not fixed.
See

http://www.cert.org/advisories/CA-2002-19.html

--Brett

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

• Next message: Brett Glass: "Re: libc resolver fix: can we applied to 3-stable or before?"
• Previous message: Scott M. Nolde: "Re: openssh 3.4p1 ports installation fails"
• In reply to: Mark.Andrews@isc.org: "Re: libc flaw: BIND 9 closes most holes but also opens one"
• Next in thread: Doug Barton: "Re: libc flaw: BIND 9 closes most holes but also opens one"
• Reply: Doug Barton: "Re: libc flaw: BIND 9 closes most holes but also opens one"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: libc flaw: BIND 9 closes most holes but also opens one ... That's not the version of libbind that's in 9.2.1. ... Bind itself does not link to it in the default installation, ... ported/portable software) can an installation of Bind introduce risk. ... (FreeBSD-Security) named 8.3.2-T1B vulnerable? ... boxes, 8 rebuilds, libc now this libbind thing. ... I just cvsuped and no changes other than ports. ... Any ideas on when/if the new bind will be getting to 4_6? ... (FreeBSD-Security) Re: libc flaw: BIND 9 closes most holes but also opens one ... Brett Glass wrote: ... ONLY the libbind from 8.3.3 is immune. ... BIND 9.2.1's libbind is not fixed. ... - George W. Bush, President of the United States State of the Union, January 28, 2002 ... (FreeBSD-Security) Re: libc flaw: BIND 9 closes most holes but also opens one ... On Sat, 29 Jun 2002, Brett Glass wrote: ... The URL I left in the quotation above is the ... That's not the version of libbind that's in 9.2.1. ... with "unsubscribe freebsd-security" in the body of the message ... (FreeBSD-Security)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint