Bugtraq mailing list archives
Re: Bind 8 bug experience
From: Matthew Dixon Cowles <matt () mondoinfo com>
Date: Wed, 13 Nov 2002 14:36:12 -0600 (CST)
Three bugs in bind 4 and 8 were announced this morning, November 12. At least one has the possibility of arbitrary code execution
[. . .]
I don't know of a similar incident when the known patches to such a serious problem were withheld by a software provider.
Speaking for myself, I never expected anything different. In my experience, when security information is restricted, the people who have it aren't particularly concerned about getting it to the people who don't. More than a year and a half ago, when I saw ISC's message indicating that security information about BIND would be withheld from the public, I removed BIND from all my systems and installed djbdns. Particularly ironic in light of ISC's apparent delay in releasing patches is this from the BIND Member Forum FAQ: Q: So the bind-members Forum programme does not restrict or delay any access to which the industry has become accustomed? A: Right. The documents referred to are archived at: http://marc.theaimsgroup.com/?l=bind-announce&m=98097021832397 http://marc.theaimsgroup.com/?l=bind-announce&m=98126980802945 Regards, Matt
Current thread:
- Bind 8 bug experience Michael Brennen (Nov 14)
- Re: Bind 8 bug experience Glen Bishop (Nov 15)
- Re: Bind 8 bug experience Chris Adams (Nov 15)
- Re: Bind 8 bug experience Matthew Dixon Cowles (Nov 16)
- Re: Bind 8 bug experience Jeremy C. Reed (Nov 16)
- Re: Bind 8 bug experience Olaf Kirch (Nov 15)
- Re: Bind 8 bug experience Paul Theodoropoulos (Nov 18)
- Re: Bind 8 bug experience Olaf Kirch (Nov 15)