[1828] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Re: Named update for RH 4.2 exploitable?

daemon@ATHENA.MIT.EDU (Yakko J. Warner)
Sun Jun 7 04:09:36 1998

Date: Sat, 6 Jun 1998 18:25:04 -0500
From: "Yakko J. Warner" <yakko@yallp.com>
To: linux-security@redhat.com
In-Reply-To: <199806062110.RAA01110@alcove.wittsend.com>; from Michael H. Warfield on Sat, Jun 06, 1998 at 05:10:21PM -0400
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com

On Sat, Jun 06, 1998 at 05:10:21PM -0400, Michael H. Warfield wrote:

> 	Ahhhhh!!!!  If the latest RPM's are STILL using 4.9.x instead of
> the latest 8.1.x, people should be really upset.  Bind 8.1.1 has been out
> for quite some time and, unless you have turned on those assinine fake INVQ
> inverse queries, it is not vulnerable to the remote root hack.  It was still
> vulnerable to several DoS attacks and everyone should now be using 8.1.2.
> I don't know what's in the RPM's simply because I build straight from Paul
> Vixie's sources up at www.isc.com.  I know of no reasons to be sitting
> on the 4.9.x stuff any more unless you are in love with or need some
> compatibility with /etc/named.boot (8.1.x uses the newer, more flexible
> /etc/named.conf).

I use RHS 5.0 .. bind-4.9.6-7 was built with INVQ #define'd.  I found this out
because I got ahold of the ADMw0rm thing, and all that the `testvuln' program
does is see if INVQ is set.  So, I hacked the patch in the SRPM and rebuilt
without INVQ.  End of that story.

'kay bye.
Yakko [who really should see about going to BIND8]
-- 
\\\\////\\\\////\\\\////\\\\////\\\\////\\\\////\\\\////\\\\////\\\\////\\\
\ A!JW22 WAR+++i^ P&B++ RI++ I++++ \  `888888P"   \    Geek since 1985,   \
\ Dai T428 $++++dmvap SL++i^       \     J8L      \    and proud of it.   \
\ Vr++m++ Xpackage E70a H5         \    """""     \      whois: CE334     \
\     Christopher A. Eslinger - yakko@{yallp.com,wtower.com,idt.net}      \
\\\\////\\\\////\\\\////\\\\////\\\\////\\\\////\\\\////\\\\////\\\\////\\\


[mod: The URL for BIND sources that was recently mentioned should be:
http://www.isc.org/ . Thanks to Dick Balaska (dick@buckosoft.com) for
noticing this. -- REW]

-- 
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------

To unsubscribe:
  mail -s unsubscribe linux-security-request@redhat.com < /dev/null


home help back first fref pref prev next nref lref last post