Re: libc flaw: BIND 9 closes most holes but also opens one

From: Brett Glass (brett@lariat.org)
Date: 06/29/02 

Date: Sat, 29 Jun 2002 15:47:56 -0600
To: Pete Ehlke <pde@rfc822.net>, security@FreeBSD.ORG
From: Brett Glass <brett@lariat.org>

At 03:43 PM 6/29/2002, Pete Ehlke wrote:

>Please, Brett. Don't embarass yourself further on this.
>
>http://marc.theaimsgroup.com/?l=bind-announce&m=102527571007047&w=2d-security>
>http://marc.theaimsgroup.com/?l=bind-announce&m=102527570707030&w=2

Embarrass? The page you cite actually proves that I'm correct! It
says:

>Highlights vs. 8.3.2
> Security Fix libbind. All applications linked against libbind
> need to re-linked.

What this means is that the only safe version of libbind is 8.3.3.
BIND 9.2.1 includes an older version of libbind, and so while its
named is not vulnerable (and in fact can be used to shield other
machines), its libbind is.

--Brett

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Relevant Pages