Bugtraq mailing list archives

Re: yes, there's another hole in BIND

From: rwing!pat () ole cdac com (Pat Myrto)
Date: Fri, 22 Jul 94 6:51:22 PDT


"In the previous message, Paul A Vixie said..."


yes, a patch is in the works, and i'm testing it now.

no, i'm not going to tell anybody what it is until i've got it fixed.


Security through obscurity is alive and well here, too, I see.  Therefore
the crackers who are exploiting the hole have the guaranteed knowlege
that all users of DNS are vulnerable.

Great.

Perhaps more than ONE head working on the problem might be a good idea?
Surely there is more than ONE person that can devise a fix...
-- 
pat@rwing  [If all fails, try:  rwing!pat () eskimo com]  Pat Myrto - Seattle WA
"No one has the right to destroy another person's belief by demanding
empirical evidence."  --   Ann Landers, nationally syndicated advice columnist
and Director at Handgun Control Inc.

Current thread:

Re: Sending escape sequences to xterms via wall/talk, (continued)
- - - Re: Sending escape sequences to xterms via wall/talk pluvius (Jul 22)
    - Is starting a user program on priv port via inetd dangerous ? Doug McLaren (Jul 21)
    - Re: Is starting a user program on priv port via inetd dangerous ? Eric Murray (Jul 21)
    - Re: Is starting a user program on priv port via inetd dangerous ? matthew green (Jul 21)
    - Re: Is starting a user program on priv port via inetd dangerous ? Darren Reed (Jul 22)
    - Re: Is starting a user program on priv port via inetd dangerous ? jmc () gnu ai mit edu (Jul 22)
    - yes, there's another hole in BIND Paul A Vixie (Jul 21)
    - Re: yes, there's another hole in BIND Resident Hacker (Jul 22)
    - Re: yes, there's another hole in BIND Paul A Vixie (Jul 22)
    - Re: yes, there's another hole in BIND Perry E. Metzger (Jul 22)
    - Re: yes, there's another hole in BIND Pat Myrto (Jul 22)
    - Re: yes, there's another hole in BIND David Barr (Jul 22)
    - Re: yes, there's another hole in BIND Joe Hentzel (Jul 22)
    - *PLEASE* shut up Dave Sill (Jul 22)
    - Re: Is starting a user program on priv port via inetd dangerous ? Graham Toal (Jul 22)
    - Re: Sending escape sequences to xterms via wall/talk jmc () gnu ai mit edu (Jul 20)
    - root name server corruption, denial of service prob Mark (Jul 21)
    - Re: root name server corruption, denial of service prob Mark Kosters (Jul 21)
- Re: Wall and talkd pass binary data Paul Robinson (Jul 20)
  - Re: Escape sequences (was Wall and talkd pass binary data) Bruce Barnett (Jul 20)
- Re: Wall and talkd pass binary data Richard Huddleston (Jul 20)

(Thread continues...)