OpenServer: BIND buffer overflows, Hunh ???
Simon Waters
Simon at wretched.demon.co.uk
Tue Aug 28 00:22:46 UTC 2001
"Mr. James W. Laferriere" wrote:
>
> Hello All , Caldera International has sent out a security update
> with the above reason . They are using 8.2.5 (rc1?) as their
> replacement . Is there some deficiency in 8.2.4 ? Or are they
> finally getting around to ugrading from 8.2.3 ?-} .
Reading the report it reads as if they are finally getting
around to upgrading from pre-8.2.3, which I find hard to
believe, but I guess Open Server is a minority interest these
days (Stir stir *8-)
The CERT article referenced refers to problems in pre 8.2.3
versions.
There are problems with 8.2.3 (or we wouldn't have 8.2.4 or
8.2.5rc1), but as far as I know none of them is known to be
exploitable, and I'm sure ISC would arrange to upgrade the root
DNS servers and notify CERT if there were known issues.
More information about the bind-users
mailing list