[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-security] RE: new bind exploit?
- Subject: RE: [cobalt-security] RE: new bind exploit?
- From: "Gavin Nelmes-Crocker" <cobalt@xxxxxxxxxxxxxxxx>
- Date: Tue, 18 Jun 2002 11:44:08 +0100
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
> >Versions affected: 8.2, 8.2-P1, 8.2.1, 8.2.2-P1,
> 8.2.2-P2, 8.2.2-P3,
> >8.2.2-P4, 8.2.2-P5, 8.2.2-P6, 8.2.2-P7, and all 8.2.3-betas
> >Severity: CRITICAL
> >Exploitable: Remotely
> >Type: Access possible.
>
> We have all of the relavent patches for bind installed. (
> official cobalt
> ones at least )
>
> The version reported is 'bind-8.2.3-C1' is this a beta or the
> third (C)
> release of 8.2.3?? Are we safe?
This is correct for a fully patched RaQ4 bind-8.2.3-C1 the C1 denotes
that Cobalt made changes to the package I don't think its a beta but as
to whether its safe would depend on what changes they made i.e. whether
they fixed a vulnerability if not then its probably not any safer than
anyone else's and Cobalt haven't released any later updates
Gavin