[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] new bind exploit?
- Subject: Re: [cobalt-security] new bind exploit?
- From: craig <craig@xxxxxxxxxxxxx>
- Date: Tue, 18 Jun 2002 21:48:46 +1200 (FJT)
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
> Hi all,
>
> I have searched the list(s) security and user and not found a mention of
> this, so here goes....
>
> There is a newish exploit for the current package version of bind,
> (8.2.3-C1) - details as follows:
>
> Name: "tsig bug"
> Versions affected: 8.2, 8.2-P1, 8.2.1, 8.2.2-P1, 8.2.2-P2, 8.2.2-P3,
> 8.2.2-P4, 8.2.2-P5, 8.2.2-P6, 8.2.2-P7, and all 8.2.3-betas
> Severity: CRITICAL
> Exploitable: Remotely
> Type: Access possible.
>
You should be running VERSION.BIND text = "8.2.3-REL
if you have the lastest pkg that is installed