Re: Whom the BIND newest vulnerability concerns?

To: debian-devel@lists.debian.org
Subject: Re: Whom the BIND newest vulnerability concerns?
From: Jonathan McDowell <noodles@ox.compsoc.net>
Date: Fri, 12 Nov 1999 13:13:12 +0000
Message-id: <19991112131312.B11730@orange.keble.ox.ac.uk>
In-reply-to: <19991112140622.A30598@lodz.tpsa.pl>; from Tomasz Papszun on Fri, Nov 12, 1999 at 02:06:23PM +0100
References: <19991112140622.A30598@lodz.tpsa.pl>

On Fri, Nov 12, 1999 at 02:06:23PM +0100, Tomasz Papszun wrote:

> the slink (stable) version of bind (1:8.1.25) is relatively old and -
> according to 
> http://www.isc.org/products/BIND/bind-security-19991108.html
> - it contains a few security bugs. 
> The newest vulnerability _may_ lead to remote root compromise.
> 
> Is a corrected package expected?
> 
> I'm a little scared of this latest bug... It is connected with "the
> processing of NXT records". I haven't managed to find a clear description
> of this type (NXT) records; seems this is quite new type. 

AIUI NXT support was only introduced in 8.2, so 8.1 should be immune to
this attack, however I think it's vulnerable to at least some of the
others.

J.

-- 
So long, and thanks for all the fish.                                   
This .sig was brought to you by the letter G and the numbers 5 & 20
Product of the Republic of HuggieTag

Reply to:

Follow-Ups:
- Re: Whom the BIND newest vulnerability concerns?
  - From: Tomasz Papszun <tomek@lodz.tpsa.pl>

References:
- Whom the BIND newest vulnerability concerns?
  - From: Tomasz Papszun <tomek@lodz.tpsa.pl>

Prev by Date: Whom the BIND newest vulnerability concerns?
Next by Date: Re: Whom the BIND newest vulnerability concerns?
Previous by thread: Whom the BIND newest vulnerability concerns?
Next by thread: Re: Whom the BIND newest vulnerability concerns?
Index(es):
- Date
- Thread