CERT advisories/CA-2002-19.html
Mark_Andrews at isc.org
Mark_Andrews at isc.org
Wed Aug 28 07:41:59 UTC 2002
> There is unpleasant news from CERT regarding the resolver overflow problems.
>
> The initial announcement manetioned that using bind-9 as resolving nameserver
> would "sanitize" responses to prevent atacks. Now CERT tells us that this
> is not enough.
>
> It's unclear to me the exact circomstances where bind-9 allows
> nasty responses to slip through to the resolver. Is this possible
> to fix ( is there hope for an updated bind-9 that does this ) ?
No it is not possible to fix / filter.
Yes the web page is the process of being updated.
Mark
> Could anyone from isc comment on this ?
>
> --
> Peter Håkanson
> IPSec Sverige ( At Gothenburg Riverside )
> Sorry about my e-mail address, but i'm trying to keep spam out,
> remove "icke-reklam" if you feel for mailing me. Thanx.
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at isc.org
More information about the bind-users
mailing list