Bugtraq mailing list archives
Re: yes, there's another hole in BIND
From: barr () pop psu edu (David Barr)
Date: Fri, 22 Jul 1994 15:09:49 -0400
In message <9407221351.AA24121 () rwing UUCP>, Pat Myrto writes:
Security through obscurity is alive and well here, too, I see. Therefore the crackers who are exploiting the hole have the guaranteed knowlege that all users of DNS are vulnerable.
Do they now? Anyone watching the IN-ADDR.ARPA. stuff flying around the net has got to have at least one synapse left to put 2+2 together and figure out there's a security problem and what it is.
Great. Perhaps more than ONE head working on the problem might be a good idea? Surely there is more than ONE person that can devise a fix...
There are several people on the bind-workers list who actively (i mean post patches within hours and minutes of new releases) support vix on BIND. There is by no means ONE person working on BIND, and I'm confident that there are people on bind-workers who are familiar enough with the issues and the code to either provide a fix or to confirm vix's fix. --Dave
Current thread:
- Is starting a user program on priv port via inetd dangerous ?, (continued)
- Is starting a user program on priv port via inetd dangerous ? Doug McLaren (Jul 21)
- Re: Is starting a user program on priv port via inetd dangerous ? Eric Murray (Jul 21)
- Re: Is starting a user program on priv port via inetd dangerous ? matthew green (Jul 21)
- Re: Is starting a user program on priv port via inetd dangerous ? Darren Reed (Jul 22)
- Re: Is starting a user program on priv port via inetd dangerous ? jmc () gnu ai mit edu (Jul 22)
- yes, there's another hole in BIND Paul A Vixie (Jul 21)
- Re: yes, there's another hole in BIND Resident Hacker (Jul 22)
- Re: yes, there's another hole in BIND Paul A Vixie (Jul 22)
- Re: yes, there's another hole in BIND Perry E. Metzger (Jul 22)
- Re: yes, there's another hole in BIND Pat Myrto (Jul 22)
- Re: yes, there's another hole in BIND David Barr (Jul 22)
- Re: yes, there's another hole in BIND Joe Hentzel (Jul 22)
- *PLEASE* shut up Dave Sill (Jul 22)
- Re: Is starting a user program on priv port via inetd dangerous ? Graham Toal (Jul 22)
- Re: Sending escape sequences to xterms via wall/talk jmc () gnu ai mit edu (Jul 20)
- root name server corruption, denial of service prob Mark (Jul 21)
- Re: root name server corruption, denial of service prob Mark Kosters (Jul 21)
- Re: Escape sequences (was Wall and talkd pass binary data) Bruce Barnett (Jul 20)
- Re: Wall and talkd pass binary data G.J.W. Hagenaars (Jul 20)