[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-security] RE: new bind exploit?

Subject: RE: [cobalt-security] RE: new bind exploit?
From: "Gavin Nelmes-Crocker" <cobalt@xxxxxxxxxxxxxxxx>
Date: Tue, 18 Jun 2002 11:44:08 +0100
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

> >Versions affected:     8.2, 8.2-P1, 8.2.1, 8.2.2-P1, 
> 8.2.2-P2, 8.2.2-P3,
> >8.2.2-P4, 8.2.2-P5, 8.2.2-P6, 8.2.2-P7, and all 8.2.3-betas
> >Severity:     CRITICAL
> >Exploitable:     Remotely
> >Type:     Access possible.
> 
> We have all of the relavent patches for bind installed. ( 
> official cobalt 
> ones at least )
> 
> The version reported is 'bind-8.2.3-C1' is this a beta or the 
> third (C) 
> release of 8.2.3?? Are we safe?

This is correct for a fully patched RaQ4 bind-8.2.3-C1 the C1 denotes
that Cobalt made changes to the package I don't think its a beta but as
to whether its safe would depend on what changes they made i.e. whether
they fixed a vulnerability if not then its probably not any safer than
anyone else's and Cobalt haven't released any later updates

Gavin

References:
- [cobalt-security] RE: new bind exploit?
  - From: marcus miller

Prev by Date: [cobalt-security] RE: new bind exploit?
Next by Date: Re: [cobalt-security] new bind exploit?
Previous by thread: [cobalt-security] RE: new bind exploit?
Next by thread: [cobalt-security] Apache 1.3.26 Released

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index