Waiting for BIND security announcement
Jeffrey Goldberg
jeffrey at goldmark.org
Tue Jul 24 23:15:52 UTC 2007
[I'm cc'ing this to secteam at freebsd.org, but they are probably
already aware of things. I don't require a response from them, but
if they do, a posting to the questions are announcement lists would
be great. I don't need a personal response.]
As I'm sure many people know there is a newly discovered BIND
vulnerability allowing cache injection (pharming). See
http://www.isc.org/index.pl?/sw/bind/bind-security.php
for details.
The version of bind on 6.2, 9.3.3, looks like it is vulnerable (along
with many other versions). It's not particularly an issue for me
since my name servers aren't publicly queryable, but I am curios
about how things like security problems in
src/contrib get handled in FreeBSD.
Cheers,
-j
--
Jeffrey Goldberg http://www.goldmark.org/jeff/
More information about the freebsd-questions
mailing list