Subject: Re: ot, security patches, and 1.4.1
To: R. C. Dowdeswell <elric@imrryr.org>
From: nm <nmanisca@vt.edu>
List: current-users
Date: 01/30/2000 13:01:52

At 11:44 PM 1/29/00 -0800, R. C. Dowdeswell wrote:
>
>On 949170696 seconds since the Beginning of the UNIX epoch
>nm wrote:
>>
>>I thought I read somewhere (correct me if I am wrong) that
>>the version of bind that shipped with 1.4.1 contained a bug
>>that may compromise system security.  I could not find a
>>patch for this bug on the ftp site, nor are any bugs listed
>>for 1.4.1 on the web site.
>
>I think that the security advisory against BIND was 8.2.x, whereas
>NetBSD 1.4.1 installs 8.1.2 which does not have the feature that
>was exploited.

Roland Dowdeswell was correct in pointing out that the version of
BIND that ships with 1.4.1 is NOT vulnerable to the attack I was
alluding to (NXT overflow).

Thank you for correcting me.

Nick Maniscalco