Re: Whom the BIND newest vulnerability concerns?
On Fri, 12 Nov 1999 at 13:13:12 +0000, Jonathan McDowell wrote:
>
> On Fri, Nov 12, 1999 at 02:06:23PM +0100, Tomasz Papszun wrote:
>
> > the slink (stable) version of bind (1:8.1.25) is relatively old and -
> > according to
> > http://www.isc.org/products/BIND/bind-security-19991108.html
> > - it contains a few security bugs.
> > The newest vulnerability _may_ lead to remote root compromise.
> >
> > Is a corrected package expected?
> >
> > I'm a little scared of this latest bug... It is connected with "the
> > processing of NXT records". I haven't managed to find a clear description
> > of this type (NXT) of records; it seems this is quite a new type.
>
> AIUI NXT support was only introduced in 8.2, so 8.1 should be immune to
Thank you for the answer.
But if a server with version 8.2 does _not_ have these NXT records itself, is it
vulnerable due to _outer_ DNS servers or clients?
> this attack, however I think it's vulnerable to at least some of the
> others.
Yes - according to the mentioned URL - to 4 of 6 bugs:
" The following table summarizes the vulnerability to the bugs mentioned
in this advisory for all versions of BIND distributed by ISC.
Upgrading to BIND version 8.2.2 patchlevel 3 is strongly recommended
for all users of BIND.
version nxt sig naptr maxdname solinger fdmax
4.8 -
4.8.1 -
4.8.2.1 -
4.8.3 -
4.9.3 -
4.9.4 -
4.9.4 p1 -
4.9.5 + + +
4.9.5 p1 + + +
4.9.6 + + +
4.9.7 - + +
8.1 + + + + +
8.1.1 + + + + +
8.1.2 - + + + +
8.2 + + + + + +
8.2 p1 + + + + + +
8.2.1 + + + + + +
8.2.2 - - + + - -
8.2.2 p1 - - + + - -
8.2.2 p2 - - - - - -
8.2.2 p3 - - - - - -
Vulnerable: '+', Not Vulnerable: '-', Feature does not exist: ' ' "
Sorry for bad formatting, the original page uses lynx-unfriendly tables.
> J.
>
> --
> So long, and thanks for all the fish.
> This .sig was brought to you by the letter G and the numbers 5 & 20
> Product of the Republic of HuggieTag
--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
tomek@lodz.tpsa.pl http://www.lodz.tpsa.pl/ | ones and zeros.