[Full-Disclosure] Bind 8 patches available

From: Peter Bieringer (pb@bieringer.de)
Date: 11/16/02 

From: pb@bieringer.de (Peter Bieringer)
Date: Sat, 16 Nov 2002 11:50:41 +0100

--==========1813499384==========
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--On Friday, November 15, 2002 10:03:57 AM +0000
John.Airey@rnib.org.uk wrote:

> I also
> recognise how vital that the root name servers and ccTLD servers
> are patched first (rather worringly, the ISC says the root name
> servers and TLD servers have to be patched first.

But does this really happen on root servers?

version.bind CHAOS/TXT check shows:

# for i in a b c d e f g h i j k l m; do dig -c chaos -t txt
version.bind @$i.ROOT-SERVERS.NET. | grep -v "^;;" | grep -v "^$" |
grep -v ";vers"; echo; done

VGRS1: a,j
8.2.5-REL: b
8.3.3-REL: c,e,f,h
8.3.1-REL: d
8.3.2-REL: g,i,k
BIND-8.3.1-MA-PATCH-JMB-01: l
8.3.3-REL: m

Patches are available for:
BIND 8.3.3
 applies with some offsets on 8.3.2 and 8.3.1 (untested whether
compilable and working afterwards)

BIND 8.2.6
 applies on 8.2.5 (with unimportant minor changes, untested whether
compilable and working afterwards)

So from this point of view it could be happen.

BTW: are root DNS servers using the full and in many cases very
useful featureset of BIND? I thought they only serve one zone, namely
the "." and run some zonetransfer between each other, why not using
i.e. djbdns here ;-)

Any comments?

        Peter 

---
Dr. Peter Bieringer
mailto: pb at bieringer dot de
http://www.bieringer.de/pb/
Key 0x958F422D : B501 24F4 9418 23E2 C0F3  F833 7B57 AA7B 958F 422D
--==========1813499384==========
Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)
iD8DBQE91iMKe1eqe5WPQi0RAsJUAKDYO33j9HiW2ndolGbh+GBn6iYSwgCfU5j6
+EJ0coJ4+gQrL7FbsQz24hc=
=Nj/q
-----END PGP SIGNATURE-----
--==========1813499384==========--

Relevant Pages

  • Re: Restricting access to a web server by IP
    ... > remote control clients, etc - we remotely ... > The agrument against is that mpst vulnerabilities seem to come through ... > servers, and blocking access to all IPs accept those on the allowed list - ...
    (comp.security.misc)
  • Re: Restricting access to a web server by IP
    ... > remote control clients, etc - we remotely ... > The agrument against is that mpst vulnerabilities seem to come through ... > servers, and blocking access to all IPs accept those on the allowed list - ...
    (comp.security.firewalls)
  • Re: Restricting access to a web server by IP
    ... > remote control clients, etc - we remotely ... > The agrument against is that mpst vulnerabilities seem to come through ... > servers, and blocking access to all IPs accept those on the allowed list - ...
    (alt.computer.security)
  • Re: Forest to Child -- Permissions
    ... My account can login to all the DCs and has full administrator priv. ... first DC in the root. ... the member servers only ... never happen unless some admin has been mucking about. ...
    (microsoft.public.windows.server.dns)
  • Re: United States Says No! Internet is Ours!
    ... > "The internet is controlled to a large extent by the 'root servers'; ... the set of root name servers. ... > make an annual extortion payment required by ICANN which goes to fund ... > ICANN _could_ have written contracts for users with some protections ...
    (comp.dcom.telecom)
Quantcast