[8467] in bugtraq


Re: tcpd -DPARANOID doesn't work, and never did

daemon@ATHENA.MIT.EDU (Dave Barr)
Mon Nov 9 18:39:27 1998

Date: 	Mon, 9 Nov 1998 18:09:50 -0500
Reply-To: barr@CIS.OHIO-STATE.EDU
From: Dave Barr <barr@CIS.OHIO-STATE.EDU>
To: BUGTRAQ@NETSPACE.ORG

Wietse Venema wrote:
>
> The claim made in the SUBJECT line is incorrect.
>
> First of all, whether or not the attack fails depends on the BIND
> version being used; for example, the once widely-used BIND 4.8
> forces the TTL to be at least five minutes, stopping the attack.

There were numerous fixes in BIND 4.9 which fixed various issues
like this.

For those that are curious, see doc/bind/vixie-security.ps in the
BIND (documentation) distribution.  It explicitly mentions fixes
which close the holes in BIND with respect to gethostby{name,addr}()
checks.

--Dave
