Resolver library question
Cinense, Mark
macinen at sandia.gov
Thu Sep 5 13:15:13 UTC 2002
If you are running BIND 9.x.x, and did not compile the resolver libraries,
then it is not vulenrable. Is this correct?
Mark Cinense
-----Original Message-----
From: Joseph S D Yao [mailto:jsdy at center.osis.gov]
Sent: Thursday, September 05, 2002 5:45 AM
To: Chuck Sterling
Cc: comp-protocols-dns-bind at isc.org
Subject: Re: Resolver library question
On Wed, Sep 04, 2002 at 07:23:38PM -0600, Chuck Sterling wrote:
> On Solaris 2.6 I am running BIND 9.1.3, compiled with gcc (2.7.x I
> think, but not sure) using the provided BIND make files. Recently CERT
> published a vulnerability in the resolver library that Solaris uses.
> Question: Is our BIND vulnerable, and if so, is it using the libraries
> provided with Solaris or something that came with gcc? I'm trying to
> understand whether or not applying the Solaris patch will fix the
> vulnerability on my systems. And if not, exactly what I have to do to
> fix it.
The resolver libraries and your 'named' are two different parts of
BIND. The Sun patch will fix your resolver libraries. It may also
overwrite your 'named' if you installed it in Solaris' default
location, and you just do the default patch install. Be aware of this.
--
Joe Yao jsdy at center.osis.gov - Joseph S. D. Yao
OSIS Center Systems Support EMT-B
-----------------------------------------------------------------------
This message is not an official statement of OSIS Center policies.
More information about the bind-users
mailing list