Bugtraq mailing list archives

Re: tcpd -DPARANOID doesn't work, and never did

From: barr () CIS OHIO-STATE EDU (Dave Barr)
Date: Mon, 9 Nov 1998 18:09:50 -0500


Wietse Venema wrote:


The claim made in the SUBJECT line is incorrect.

First of all, whether or not the attack fails depends on the BIND
version being used; for example, the once widely-used BIND 4.8
forces the TTL to be at least five minutes, stopping the attack.


There were numerious fixes in BIND 4.9 which fixed various issues
like this.

For those that are curious, see doc/bind/vixie-security.ps in the
BIND (documentation) distribution.  It explicitly mentions fixes
which close the holes in BIND with respect to gethostby{name,addr}()
checks.

--Dave

Current thread:

Re: tcpd -DPARANOID doesn't work, and never did Wietse Venema (Nov 09)
- <Possible follow-ups>
- Re: tcpd -DPARANOID doesn't work, and never did Dave Barr (Nov 09)
- Re: tcpd -DPARANOID doesn't work, and never did D. J. Bernstein (Nov 09)
  - Re: Several new CGI vulnerabilities Randal Schwartz (Nov 09)
  - Re: tcpd -DPARANOID doesn't work, and never did Wietse Venema (Nov 09)
  - Re: tcpd -DPARANOID doesn't work, and never did Darren Reed (Nov 10)
  - Re: tcpd -DPARANOID doesn't work, and never did Greg A. Woods (Nov 10)
- Re: tcpd -DPARANOID doesn't work, and never did Jim Dennis (Nov 09)
- Re: tcpd -DPARANOID doesn't work, and never did D. J. Bernstein (Nov 10)
  - Re: tcpd -DPARANOID doesn't work, and never did Wietse Venema (Nov 11)