Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: BEWARE : Possible compromission under BIND 8.2.2-P5 with Iquery probe

From: "David R. Conrad" <david.conrad () NOMINUM COM>
Date: Tue, 13 Mar 2001 20:21:37 -0800
That it would, but please re-read what I wrote.

BIND version 9 is NOT vulnerable.

BIND version 9 is a completely different code base written by (mostly)
different people -- there is _no_ code shared between BIND 9 and any
earlier version of BIND (we suggested to the ISC to change the name but
they declined).

Rgds,
-drc

At 09:48 AM 3/13/2001 +0100, Daniel Roesen wrote:

On Mon, Mar 12, 2001 at 10:52:51AM -0800, David R. Conrad wrote:
> All versions of BIND except 4.9.8, 8.2.3, and 9.* are
> vulnerable to an information leak bug that permits the dumping of a stack
> frame via a mis-formed IQUERY request.

That BIND 9.* is vulnerable to this problem would be news.


Best regards,
Daniel

--
----------------------------------------------------------------------
entire systems GmbH         | droesen () entire-systems com
Internet Services           | Phone: +49 2624 9550-55
Ferbachstrasse 12           | Fax:   +49 2624 9550-20
D-56203 Hoehr-Grenzhausen   | http://www.entire-systems.com/
----------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: