Re: named exploit

To: Geert Hendrickx <ghen%telenet.be@localhost>
Subject: Re: named exploit
From: "Steven M. Bellovin" <smb%cs.columbia.edu@localhost>
Date: Fri, 25 Jul 2008 05:36:05 -0400

On Fri, 25 Jul 2008 11:29:44 +0200
Geert Hendrickx <ghen%telenet.be@localhost> wrote:

> On Thu, Jul 24, 2008 at 07:03:50PM +0200, Geert Hendrickx wrote:
> > On Thu, Jul 24, 2008 at 08:17:27AM -0400, Steven M. Bellovin wrote:
> > > On Thu, 24 Jul 2008 06:03:54 -0600 (MDT)
> > > Rick Kelly <rmk%toad.rmkhome.com@localhost> wrote:
> > > 
> > > > 
> > > > Looks like a named exploit is out in the wild now.
> > > > 
> > > > http://www.caughq.org/exploits/CAU-EX-2008-0002.txt
> > > > 
> > > Yes.  Until the fixes are fully in our tree, I suggest running
> > > bind9 or bind95 from pkgsrc.  (And make sure you disable any
> > > query-source lines in your named.conf.)
> > 
> > 
> > HEAD, netbsd-4 and netbsd-4-0 have the fix already.  netbsd-3* will
> > follow shortly.
> > 
> 
> 
> NetBSD 3.* has been updated too, now.
> 
Great -- my thanks to everyone who did it.

Anyway -- I strongly suggest that everyone running named as a resolver
(as opposed to simply as a non-recursive, authoritative server) install
a patched version of bind, either from the updated source tree or from
pkgsrc.


                --Steve Bellovin, http://www.cs.columbia.edu/~smb

References:
- named exploit
  - From: Rick Kelly
- Re: named exploit
  - From: Steven M. Bellovin
- Re: named exploit
  - From: Geert Hendrickx
- Re: named exploit
  - From: Geert Hendrickx

Prev by Date: Re: named exploit
Next by Date: Re: named exploit
Previous by Thread: Re: named exploit
Next by Thread: Re: named exploit
Indexes:

Home | Main Index | Thread Index | Old Index