[1832] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Re: Named update for RH 4.2 exploitable?

daemon@ATHENA.MIT.EDU (Hugo van der Kooij)
Sun Jun 7 10:45:42 1998

Date: Sun, 7 Jun 1998 12:07:33 +0200 (CEST)
From: Hugo van der Kooij <hvdkooij@caiw.nl>
Reply-To: Hugo.van.der.Kooij@caiw.nl
To: linux-security@redhat.com
In-Reply-To: <199806062110.RAA01110@alcove.wittsend.com>
Resent-From: linux-security@redhat.com

On Sat, 6 Jun 1998, Michael H. Warfield wrote:

> Jiva DeVoe enscribed thusly:
> 
> > Someone I was speaking with this evening claimed they have installed the
> > latest named rpms yet they are still getting exploited daily and being
> > hacked.  Do the latest rpm's for the named 4.9.x stuff fix all the root
> > exploits or is this person just an idiot who probably has holes elsewhere in
> > the system?
> 
> 	Ahhhhh!!!!  If the latest RPM's are STILL using 4.9.x instead of
> the latest 8.1.x, people should be really upset.  Bind 8.1.1 has been out
> for quite some time and, unless you have turned on those assinine fake INVQ
> inverse queries, it is not vulnerable to the remote root hack.  It was still
> vulnerable to several DoS attacks and everyone should now be using 8.1.2.
> I don't know what's in the RPM's simply because I build straight from Paul
> Vixie's sources up at www.isc.com.  I know of no reasons to be sitting
> on the 4.9.x stuff any more unless you are in love with or need some
> compatibility with /etc/named.boot (8.1.x uses the newer, more flexible
> /etc/named.conf).

8.1 claims about twice as much memory as 4.9.x while adding no usefull
features to me.

So there is an argument in favor.

Hugo.

	+------------------------+------------------------------+
	| Hugo van der Kooij     | Hugo.van.der.Kooij@caiw.nl   |
	| Oranje Nassaustraat 16 | http://www.caiw.nl/~hvdkooij |
	| 3155 VJ  Maasland      | (De man met de rode hoed)    |
	+------------------------+------------------------------+
    "Computers let you make more mistakes faster than any other invention in 
      human history, with the possible exception of handguns and tequila."
		(Mitch Radcliffe)

-- 
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------

To unsubscribe:
  mail -s unsubscribe linux-security-request@redhat.com < /dev/null


home help back first fref pref prev next nref lref last post