Re: libc flaw: BIND 9 closes most holes but also opens one

From: Brett Glass (brett@lariat.org)
Date: 06/29/02


Date: Sat, 29 Jun 2002 15:35:02 -0600
To: Doug Barton <DougB@FreeBSD.org>
From: Brett Glass <brett@lariat.org>

At 03:27 PM 6/29/2002, Doug Barton wrote:

> The libbind bug is fixed in both 8.2.6, and 8.3.3. Please be more
>careful to read what is posted before responding.

I know that there were earlier fixes to prevent buffer overruns.
My impression, based on ISC's statements, is that more were required
after that time. Have you done a diff between 8.2.6 and 8.3.3?

>That said, if you are
>going to run a BIND 8 server, I think you're a lot better off with
>8.3.3.

I want to run a BIND 9 server, because it will protect vulnerable
machines and apps behind it. But it looks as if I'll need to get
libbind out of 8.3.3, too, unless there's a new release of BIND 9
that includes it.

--Brett
