[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] new bind exploit?

Subject: Re: [cobalt-security] new bind exploit?
From: craig <craig@xxxxxxxxxxxxx>
Date: Tue, 18 Jun 2002 21:48:46 +1200 (FJT)
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

> Hi all,
>
> I have searched the list(s) security and user and not found a mention of
> this, so here goes....
>
> There is a newish exploit for the current package version of bind,
> (8.2.3-C1) - details as follows:
>
> Name: "tsig bug"
> Versions affected:     8.2, 8.2-P1, 8.2.1, 8.2.2-P1, 8.2.2-P2, 8.2.2-P3,
> 8.2.2-P4, 8.2.2-P5, 8.2.2-P6, 8.2.2-P7, and all 8.2.3-betas
> Severity:     CRITICAL
> Exploitable:     Remotely
> Type:     Access possible.
>

You should be running VERSION.BIND    text = "8.2.3-REL
if you have the lastest pkg that is installed

Follow-Ups:
- Re: [cobalt-security] new bind exploit?
  - From: deepquest---Code511

References:
- [cobalt-security] new bind exploit?
  - From: marcus miller

Prev by Date: Re: [cobalt-security] new bind exploit?
Next by Date: Re: [cobalt-security] new bind exploit?
Previous by thread: Re: [cobalt-security] new bind exploit?
Next by thread: Re: [cobalt-security] new bind exploit?

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index