bind8.2 security issues

phn at icke-reklam.ipsec.nu phn at icke-reklam.ipsec.nu
Mon Jul 1 09:58:47 UTC 2002


Steve Foster <fosters at uk.psi.com> wrote:

> All,


> i have seen the postings on this group and via CERT about the
> vulnerabilities in Bind8.X , however i am bit confused as to how to
> progress. I currently have bind running 8.2.3 on Solaris 2.6 , i have no
> problems re-building a new version of bind to replace it, however Sun have
> not released any details on new resolver library patches, So should i wait
> until they do before building a new version of bind, or does bind use its
> own internal ones for build named etc...

Using bind-9 as resolving nameserver for all your clients seems to be 
a good workaround. That way no resolver is ever exposed to an 
answer from hostile nameservers "out there".

Time to install bind-9 !!

> Also it says that named itself is not vulnerable, how can this be so??

It's not named that is vulnerable, it's the resolver code that all your 
applications use. Named uses it's own ( not vulnerable) code for resolving.


> many thanks in advance

> Steve
> Steve Foster
> Senior Systems Administrator
> PSINet Europe
> Work: +44 (1223) 577322
> Mobile: +44 (7720) 425911


-- 
Peter Håkanson         
        IPSec  Sverige      ( At Gothenburg Riverside )
           Sorry about my e-mail address, but i'm trying to keep spam out,
	   remove "icke-reklam" if you feel for mailing me. Thanx.


More information about the bind-users mailing list