|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Jonas Eriksson (je_at_sekure.net)
Date: Fri Nov 15 2002 - 02:25:46 CST
---------- Forwarded message ----------
Date: Thu, 14 Nov 2002 19:12:41 -0700
From: Todd C. Miller <Todd.Miller
courtesan.com>
To: security-announceopenbsd.org
Subject: patch for named buffer overflow now available
A patch for the named buffer overflow is now available. The bug
could allow an attacker to execute code as the user that named runs
as. In the default OpenBSD named configuration, named runs as its
own, non-root, user in a chrooted jail. This lessens the impact
of the bug to the level of a denial of service. Anyone not running
named chrooted should start to do so immediately.
For more information on the bug, please see:
http://www.isc.org/products/BIND/bind-security.html
http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469
The fix has been committed to OpenBSD-current as well as to the
3.2, 3.1 and 3.0 -stable branches.
The following patches are also available for OpenBSD 3.2, 3.1 and 3.0
respectively:
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/005_named.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.1/common/019_named.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/036_named.patch
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]