lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <7470000.1037443841@gate.muc.bieringer.de>
From: pb at bieringer.de (Peter Bieringer)
Subject: Bind 8 patches available



--On Friday, November 15, 2002 10:03:57 AM +0000
John.Airey@...b.org.uk wrote:

> I also
> recognise how vital that the root name servers and ccTLD servers
> are patched first (rather worringly, the ISC says the root name
> servers and TLD servers have to be patched first.

But does this really happen on root servers? 

version.bind CHAOS/TXT check shows:

# for i in a b c d e f g h i j k l m; do dig -c chaos -t txt
version.bind @$i.ROOT-SERVERS.NET.  | grep -v "^;;" | grep -v "^$" |
grep -v ";vers"; echo;  done


VGRS1:      a,j
8.2.5-REL:  b
8.3.3-REL:  c,e,f,h
8.3.1-REL:  d
8.3.2-REL:  g,i,k
BIND-8.3.1-MA-PATCH-JMB-01: l
8.3.3-REL:  m


Patches are available for:
BIND 8.3.3
 applies with some offsets on 8.3.2 and 8.3.1 (untested whether
compilable and working afterwards)

BIND 8.2.6
 applies on 8.2.5 (with unimportant minor changes, untested whether
compilable and working afterwards)


So from this point of view it could be happen.


BTW: are root DNS servers using the full and in many cases very
useful featureset of BIND? I thought they only serve one zone, namely
the "." and run some zonetransfer between each other, why not using
i.e. djbdns here ;-)


Any comments?

        Peter

---
Dr. Peter Bieringer
mailto: pb at bieringer dot de
http://www.bieringer.de/pb/
Key 0x958F422D : B501 24F4 9418 23E2 C0F3  F833 7B57 AA7B 958F 422D
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20021116/7253e63d/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ