Re: named exploit

To: Geert Hendrickx <ghen%telenet.be@localhost>, "Steven M. Bellovin" <smb%cs.columbia.edu@localhost>, rmk%rmkhome.com@localhost, rmk%toad.rmkhome.com@localhost, netbsd-users%NetBSD.org@localhost
Subject: Re: named exploit
From: Adrian Portelli <adrianp%stindustries.net@localhost>
Date: Fri, 25 Jul 2008 10:51:12 +0100

Geert Hendrickx wrote:

On Thu, Jul 24, 2008 at 07:03:50PM +0200, Geert Hendrickx wrote:

On Thu, Jul 24, 2008 at 08:17:27AM -0400, Steven M. Bellovin wrote:

On Thu, 24 Jul 2008 06:03:54 -0600 (MDT)
Rick Kelly <rmk%toad.rmkhome.com@localhost> wrote:

Looks like a named exploit is out in the wild now.

http://www.caughq.org/exploits/CAU-EX-2008-0002.txt

Yes.  Until the fixes are fully in our tree, I suggest running bind9 or
bind95 from pkgsrc.  (And make sure you disable any query-source lines
in your named.conf.)


HEAD, netbsd-4 and netbsd-4-0 have the fix already.  netbsd-3* will follow
shortly.



NetBSD 3.* has been updated too, now.

        Geert


For anyone who hasn't seen it:

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-009.txt.asc

adrian.

References:
- named exploit
  - From: Rick Kelly
- Re: named exploit
  - From: Steven M. Bellovin
- Re: named exploit
  - From: Geert Hendrickx
- Re: named exploit
  - From: Geert Hendrickx

Prev by Date: Re: named exploit
Next by Date: issues with tftpd
Previous by Thread: Re: named exploit
Next by Thread: Re: named exploit
Indexes:

Home | Main Index | Thread Index | Old Index