Re: libc flaw: BIND 9 closes most holes but also opens one

From: Brett Glass (brett@lariat.org)
Date: 06/29/02

• Next message: Brett Glass: "Re: libc flaw: BIND 9 closes most holes but also opens one"
• Previous message: Doug Barton: "Re: libc flaw: BIND 9 closes most holes but also opens one"
• In reply to: Pete Ehlke: "Re: libc flaw: BIND 9 closes most holes but also opens one"
• Next in thread: Doug Barton: "Re: libc flaw: BIND 9 closes most holes but also opens one"
• Reply: Doug Barton: "Re: libc flaw: BIND 9 closes most holes but also opens one"
• Reply: Pete Ehlke: "Re: libc flaw: BIND 9 closes most holes but also opens one"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Sat, 29 Jun 2002 15:47:56 -0600
To: Pete Ehlke <pde@rfc822.net>, security@FreeBSD.ORG
From: Brett Glass <brett@lariat.org>

At 03:43 PM 6/29/2002, Pete Ehlke wrote:

>Please, Brett. Don't embarass yourself further on this.
>
>http://marc.theaimsgroup.com/?l=bind-announce&m=102527571007047&w=2d-security>
>http://marc.theaimsgroup.com/?l=bind-announce&m=102527570707030&w=2

Embarrass? The page you cite actually proves that I'm correct! It
says:

>Highlights vs. 8.3.2
> Security Fix libbind. All applications linked against libbind
> need to re-linked.

What this means is that the only safe version of libbind is 8.3.3.
BIND 9.2.1 includes an older version of libbind, and so while its
named is not vulnerable (and in fact can be used to shield other
machines), its libbind is.

--Brett

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

• Next message: Brett Glass: "Re: libc flaw: BIND 9 closes most holes but also opens one"
• Previous message: Doug Barton: "Re: libc flaw: BIND 9 closes most holes but also opens one"
• In reply to: Pete Ehlke: "Re: libc flaw: BIND 9 closes most holes but also opens one"
• Next in thread: Doug Barton: "Re: libc flaw: BIND 9 closes most holes but also opens one"
• Reply: Doug Barton: "Re: libc flaw: BIND 9 closes most holes but also opens one"
• Reply: Pete Ehlke: "Re: libc flaw: BIND 9 closes most holes but also opens one"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: libc flaw: BIND 9 closes most holes but also opens one ... Don't embarass yourself further on this. ... The page you cite actually proves that I'm correct! ... > What this means is that the only safe version of libbind is 8.3.3. ... (FreeBSD-Security) Re: libc flaw: BIND 9 closes most holes but also opens one ... Brett Glass wrote: ... Don't embarass yourself further on this. ... The page you cite actually proves that I'm correct! ... (FreeBSD-Security)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint