FreeBSD 7.1 and BIND exploit
Max Laier
max at love2party.net
Mon Jul 21 19:51:24 UTC 2008
On Monday 21 July 2008 21:14:22 Doug Barton wrote:
> Brett Glass wrote:
> | Everyone:
> |
> | Will FreeBSD 7.1 be released in time to use it as an upgrade to
> | close the BIND cache poisoning hole?
>
> Brett, et al,
>
> I'll make this simple for you. If you have a server that is running
> BIND, update BIND now. If you need to use the ports, that's fine, just
> do it now. Make sure that you are not specifying a port via any
> query-source* options in named.conf, and that any firewall between
> your named process and the outside world does keep-state on outgoing
> UDP packets.
... and that any NAT device employs at least a somewhat random port
allocation mechanism - pf provides this.
> If you have a system with BIND installed (as it is by default) but you
> are NOT running named, you don't need to worry about updating now, but
> you should do it "soonish" just in case someone gets a wild hair and
> starts up named on that box.
>
> As for the meta-question, FreeBSD is currently operating on a
> time-based release schedule, not a feature-based one. And to your
> actual question, the answer is no.
>
>
> hope this helps,
>
> Doug
--
/"\ Best regards, | mlaier at freebsd.org
\ / Max Laier | ICQ #67774661
X http://pf4freebsd.love2party.net/ | mlaier at EFnet
/ \ ASCII Ribbon Campaign | Against HTML Mail and News