Waiting for BIND security announcement

Jeffrey Goldberg jeffrey at goldmark.org
Tue Jul 24 23:15:52 UTC 2007

[I'm cc'ing this to secteam at freebsd.org, but they are probably  
already aware of things.  I don't require a response from them, but  
if they do, a posting to the questions are announcement lists would  
be great.  I don't need a personal response.]

As I'm sure many people know there is a newly discovered BIND  
vulnerability allowing cache injection (pharming).  See


for details.

The version of bind on 6.2, 9.3.3, looks like it is vulnerable (along  
with many other versions).  It's not particularly an issue for me  
since my name servers aren't publicly queryable, but I am curios  
about how things like security problems in
src/contrib get handled in FreeBSD.



Jeffrey Goldberg                        http://www.goldmark.org/jeff/

More information about the freebsd-questions mailing list