Re: Whom the BIND newest vulnerability concerns?
On Fri, Nov 12, 1999 at 02:06:23PM +0100, Tomasz Papszun wrote:
> the slink (stable) version of bind (1:8.1.25) is relatively old and -
> according to
> http://www.isc.org/products/BIND/bind-security-19991108.html
> - it contains a few security bugs.
> The newest vulnerability _may_ lead to remote root compromise.
>
> Is a corrected package expected?
>
> I'm a little scared of this latest bug... It is connected with "the
> processing of NXT records". I haven't managed to find a clear description
> of this type (NXT) records; seems this is quite new type.
AIUI NXT support was only introduced in 8.2, so 8.1 should be immune to
this attack, however I think it's vulnerable to at least some of the
others.
J.
--
So long, and thanks for all the fish.
This .sig was brought to you by the letter G and the numbers 5 & 20
Product of the Republic of HuggieTag
Reply to: