Bugtraq mailing list archives
Re: BIND bugs of the month
From: David_Conrad () ISC ORG (David R. Conrad)
Date: Sun, 14 Nov 1999 10:13:14 -0800
Dan,
This NXT buffer overflow isn't part of some old code that Paul Vixie inherited from careless graduate students. It's new code.
Actually, most of the code is derived from a prototype DNSSEC implementation done by John Gilmore and TIS quite a while back. TIS (sorry, Network Associates) contributed the revised implementation for the 8.2 release.
Obviously ISC's auditing is inadequate.
For BINDv8, yes, it obviously was.
Is ISC going to rewrite the client and server in a way that gives us confidence in their security?
BIND version 9 is a complete rewrite with an attempt to focus on compartmentalization and auditability of the code. Regards, -drc
Current thread:
- Re: BIND bugs of the month D. J. Bernstein (Nov 12)
- Re: BIND bugs of the month (spoofing secure Web sites?) Peter W (Nov 13)
- Re: BIND bugs of the month (spoofing secure Web sites?) Kurt Seifried (Nov 14)
- Re: BIND bugs of the month (spoofing secure Web sites?) D. J. Bernstein (Nov 13)
- Re: BIND bugs of the month (spoofing secure Web sites?) D. J. Bernstein (Nov 14)
- Re: BIND bugs of the month (spoofing secure Web sites?) Elias Levy (Nov 15)
- Re: BIND bugs of the month (spoofing secure Web sites?) D. J. Bernstein (Nov 14)
- Re: BIND bugs of the month David R. Conrad (Nov 14)
- MacOS 9 and the MacOS Netware Client Matt White (Nov 14)
- Re: MacOS 9 and the MacOS Netware Client deepquest () NETSCAPE NET (Nov 15)
- Re: MacOS 9 and the MacOS Netware Client sherrera () BASS CUESTA CC CA US (Nov 15)
- Re: MacOS 9 and the MacOS Netware Client deepquest () NETSCAPE NET (Nov 15)
- Re: BIND bugs of the month (spoofing secure Web sites?) Peter W (Nov 13)