Hi,

The NetBSD 1.2 Bind appears to be version 4.9.3-P1, which would indicate
it's vulnerable (4.9.4-P1 and above are safe).  I recently upgraded one of
our machines to 4.9.5 and had no problems (besides some libresolv
wierdness).

I'm not sure if upgrading BIND is good enough though?  I have talk off
temporarily, but I can't leave it off.  I've got the patches for FreeBSD
and I am going to compare them to the NetBSD source.  I'll let you know if
I have any luck patching talkd.

Rick

On Tue, 28 Jan 1997, Paulo Alexandre Pinto Pires wrote:

> Hello,
> 
> As for CERT advisory 97.04 (talkd vunerability due to BIND's
> checking of bounds weakness), I'd like to know wether BIND provided
> in NetBSD-1.2 and NetBSD-current are vulnerable.
> 
> ---
> 	Pappires
> 

=========================================================================
Rick Byers                                      Internet Access Worldwide
rickb@iaw.on.ca                                System Admin, Tech Support
Welland, Ontario, Canada                                    (905)714-1400
http://www.iaw.on.ca/rickb/                         http://www.iaw.on.ca/