Re: Waiting for BIND security announcement

看板FB_security作者時間18年前 (2007/07/25 08:48), 編輯推噓0(000)
留言0則, 0人參與, 最新討論串2/2 (看更多)
Simon L. Nielsen wrote: > [freebsd-security@ CC'ed to avoid answering the same there again > shorly :) - if following up, please drop either freebsd-questions or > freebsd-securiy to avoid "spamming" both lists] > > On 2007.07.24 18:15:43 -0500, Jeffrey Goldberg wrote: > >> As I'm sure many people know there is a newly discovered BIND vulnerability >> allowing cache injection (pharming). See I think it's worth pointing out that cache injection and pharming are not the same thing, although cache injection can be used as part of a pharming attack. I also think it's worth noting that this isn't an "all your queries are belong to us" type of attack. The attack involves _predicting_ query id numbers which at _best_ will be successful only once in 16 tries. Then you have to actually time it right so that you can use your guess. Still, it is worth upgrading to avoid this issue. >> http://www.isc.org/index.pl?/sw/bind/bind-security.php >> >> for details. >> >> The version of bind on 6.2, 9.3.3, RELENG_6 was updated shortly after the release of 9.3.4. I'll be updating RELENG_[56] with the new 9.3.4-P1 version after I'm done regression testing it, which should be some time tonight. Same for updating HEAD with 9.4.1-P1. The ports for bind9 and bind94 are already updated, so those with urgent needs can use that route to upgrade immediately. hope this helps, Doug -- This .signature sanitized for your protection _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
更多 dougb. 的文章
文章代碼(AID): #16fft300 (FB_security)
更多 dougb. 的文章
文章代碼(AID): #16fft300 (FB_security)