Re: libc flaw: BIND 9 closes most holes but also opens one

From: Doug Barton (DougB@FreeBSD.org)
Date: 06/29/02


Date: Sat, 29 Jun 2002 14:44:58 -0700
From: Doug Barton <DougB@FreeBSD.org>
To: Brett Glass <brett@lariat.org>

Brett Glass wrote:
>
> At 03:27 PM 6/29/2002, Doug Barton wrote:
>
> > The libbind bug is fixed in both 8.2.6 and 8.3.3. Please be more
> >careful to read what is posted before responding.
>
> I know that there were earlier fixes to prevent buffer overruns.
> My impression, based on ISC's statements, is that more were required
> after that time. Have you done a diff between 8.2.6 and 8.3.3?

        Non sequitur. I was responding to your claim that libbind was fixed
only in 8.3.3. You are categorically wrong on that point. I already said
that if you're running BIND 8, you're better off with the 8.3.3 version.

> >That said, if you are
> >going to run a BIND 8 server, I think you're a lot better off with
> >8.3.3.
>
> I want to run a BIND 9 server, because it will protect vulnerable
> machines and apps behind it. But it looks as if I'll need to get
> libbind out of 8.3.3, too

        Only if you're using something that links against it. IMO you're better
off just not having it around.

Doug
