[12582] in bugtraq
Re: BIND bugs of the month
daemon@ATHENA.MIT.EDU (David R. Conrad)
Sun Nov 14 16:43:43 1999
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <382EFBBA.9F897FEE@isc.org>
Date: Sun, 14 Nov 1999 10:13:14 -0800
Reply-To: "David R. Conrad" <David_Conrad@ISC.ORG>
From: "David R. Conrad" <David_Conrad@ISC.ORG>
X-To: "D. J. Bernstein" <djb@CR.YP.TO>
To: BUGTRAQ@SECURITYFOCUS.COM
Dan,
> This NXT buffer overflow isn't part of some old code that Paul Vixie
> inherited from careless graduate students. It's new code.
Actually, most of the code is derived from a prototype DNSSEC implementation
done by John Gilmore and TIS quite a while back. TIS (sorry, Network
Associates) contributed the revised implementation for the 8.2 release.
> Obviously ISC's auditing is inadequate.
For BINDv8, yes, it obviously was.
> Is ISC going to
> rewrite the client and server in a way that gives us confidence in
> their security?
BIND version 9 is a complete rewrite with an attempt to focus on
compartmentalization and auditability of the code.
Regards,
-drc
