Re: Resolver Libraries Advisory

To: debian-security@lists.debian.org
Subject: Re: Resolver Libraries Advisory
From: Markus Fischer <mfischer@guru.josefine.at>
Date: Sat, 29 Jun 2002 12:31:42 +0200
Message-id: <[🔎] 20020629103142.GA19206@guru.josefine.at>
In-reply-to: <[🔎] Pine.LNX.4.44.0206291013100.6625-100000@shaun.sheddy.net>
References: <[🔎] Pine.LNX.4.44.0206291013100.6625-100000@shaun.sheddy.net>

On Sat, Jun 29, 2002 at 10:15:15AM +0100, No.Sp@m.here.please wrote : 
> I presume http://www.cert.org/advisories/CA-2002-19.html effects the
> Debian instances of libc and Bind9?

    I'm completely confused what I should make of this advisory.
    If you read the following paragraph:

    "Internet Software Consortium

    All versions of BIND 4 from 4.8.3 prior to BIND 4.9.9 are
    vulnerable.
    All versions of BIND 8 prior to BIND 8.2.6 are vulnerable.
    All versions of BIND 8.3.x prior to BIND 8.3.3 are
    vulnerable.
    BIND versions BIND 9.2.0 and BIND 9.2.1 are vulnerable.

    BIND version 4.8 does not appear to be vulnerable.
    BIND versions BIND 9.0.x and BIND 9.1.x are not vulnerable.

    'named' itself is not vulnerable."

    'named' is not vulnerable, only the resolver library? So if
    I've configured all machines to use my "named" (i.e. they
    never contact a malicious dns server), what is the inpact
    them?

    - Markus


-- 
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

References:
- Resolver Libraries Advisory
  - From: No.Sp@m.here.please

Prev by Date: Re: SSH RSA Authentication
Next by Date: Fw: CERT Advisory CA-2002-19 Buffer Overflow in Multiple DNS Resolver Libraries
Previous by thread: Resolver Libraries Advisory
Next by thread: Fw: CERT Advisory CA-2002-19 Buffer Overflow in Multiple DNS Resolver Libraries
Index(es):
- Date
- Thread