Bugtraq mailing list archives
Re: tcpd -DPARANOID doesn't work, and never did
From: barr () CIS OHIO-STATE EDU (Dave Barr)
Date: Mon, 9 Nov 1998 18:09:50 -0500
Wietse Venema wrote:
The claim made in the SUBJECT line is incorrect. First of all, whether or not the attack fails depends on the BIND version being used; for example, the once widely-used BIND 4.8 forces the TTL to be at least five minutes, stopping the attack.
There were numerious fixes in BIND 4.9 which fixed various issues like this. For those that are curious, see doc/bind/vixie-security.ps in the BIND (documentation) distribution. It explicitly mentions fixes which close the holes in BIND with respect to gethostby{name,addr}() checks. --Dave
Current thread:
- Re: tcpd -DPARANOID doesn't work, and never did Wietse Venema (Nov 09)
- <Possible follow-ups>
- Re: tcpd -DPARANOID doesn't work, and never did Dave Barr (Nov 09)
- Re: tcpd -DPARANOID doesn't work, and never did D. J. Bernstein (Nov 09)
- Re: Several new CGI vulnerabilities Randal Schwartz (Nov 09)
- Re: tcpd -DPARANOID doesn't work, and never did Wietse Venema (Nov 09)
- Re: tcpd -DPARANOID doesn't work, and never did Darren Reed (Nov 10)
- Re: tcpd -DPARANOID doesn't work, and never did Greg A. Woods (Nov 10)
- Re: tcpd -DPARANOID doesn't work, and never did Jim Dennis (Nov 09)
- Re: tcpd -DPARANOID doesn't work, and never did D. J. Bernstein (Nov 10)
- Re: tcpd -DPARANOID doesn't work, and never did Wietse Venema (Nov 11)