Re: yes, there's another hole in BIND

barrpop.psu.edu

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Lord of flying horned octopi: "Re: Is starting a user program on priv port via inetd dangerous ?"
• Previous message: Mark Verber: "Re: yes, there's another hole in BIND"
• In reply to: Pat Myrto: "Re: yes, there's another hole in BIND"
• Next in thread: Joe Hentzel: "Re: yes, there's another hole in BIND"

In message <9407221351.AA24121rwing.UUCP>, Pat Myrto writes:
>Security through obscurity is alive and well here, too, I see.  Therefore
>the crackers who are exploiting the hole have the guaranteed knowlege
>that all users of DNS are vulnerable.

Do they now?  Anyone watching the IN-ADDR.ARPA. stuff flying around the
net has got to have at least one synapse left to put 2+2 together and
figure out there's a security problem and what it is.

>Great.
>
>Perhaps more than ONE head working on the problem might be a good idea?
>Surely there is more than ONE person that can devise a fix...

There are several people on the bind-workers list who actively (i mean
post patches within hours and minutes of new releases) support vix
on BIND.  There is by no means ONE person working on BIND, and I'm
confident that there are people on bind-workers who are familiar
enough with the issues and the code to either provide a fix or to
confirm vix's fix.

--Dave

• Next message: Lord of flying horned octopi: "Re: Is starting a user program on priv port via inetd dangerous ?"
• Previous message: Mark Verber: "Re: yes, there's another hole in BIND"
• In reply to: Pat Myrto: "Re: yes, there's another hole in BIND"
• Next in thread: Joe Hentzel: "Re: yes, there's another hole in BIND"