RE: FreeBSD Security Advisory FreeBSD-SA-09:04.bind



Hi Leonid,

I got the message, so it looks like at least something is working.

From the advisory:

NOTE WELL: If named(8) is not explicitly set to use DNSSEC the setup
is not vulnerable to the issue as described in this Security Advisory.

We are not using DNSSEC on either the internal or external BIND
instances. We *are* using authentication keys for some of the internal
infrastructure (for dynamic updates) but not for the external, and
this facility uses shared-secrets anyway rather than PKI.

I think we're OK unless we're going to light up DNSSEC in the near
future.

+-----------------------------------------+----------------------------+
| Carl Richard Friend (UNIX Sysadmin) | Natick, Massachusetts, USA |
| Minicomputer Collector / Enthusiast | 01760-2098 |
| mailto:carl_friend@xxxxxxxxxxxxx +----------------------------+
| http://users.rcn.com/crfriend/museum | ICBM: +42:18:00 -71:21:03 |
+-----------------------------------------+----------------------------+

_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"


