On Wed, Nov 13, 2002 at 12:31:48AM -0500, Roger Ward wrote: > It is my understanding all of these vulnerabilities exist in the *stock* version of Bind 8.3.3-REL from ISC. > > Have any of these issues been addressed in the current version? I can't speak for the security team (since I'm not part of it). As far as I know these vulnerabilities are there in the Debian version. As a matter of fact ISS seems to have given only 9 hours of previous notice to vendors (all UNIX vendors). Unfortunately the only way to fix it currently (since even ISCs has not published patches although there seems to be some patches available from unofficial sources) is to upgrade to bind9. Yuck Regards Javi PS: I suggest to mitigate the issue the steps described for securing DNS on the "Securing Debian Manual" (proper configuration+least priviledge+chrooting)
Attachment:
pgpoo22LjjYmR.pgp
Description: PGP signature