Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: The Bind incident
From: Solar Designer <solar () openwall com>
Date: Wed, 6 Jul 2011 07:48:15 +0400

On Tue, Jul 05, 2011 at 07:17:32PM +0800, Eugene Teo wrote:
You might have read about AusCert's accidental disclosure of the ISC
Bind advisories today. If you have more information about this, please
share. AFAICS, the bind source packages are still not available at the
ISC website.

https://bugzilla.redhat.com/CVE-2011-2464
https://bugzilla.redhat.com/CVE-2011-2465
http://risky.biz/auscert-bind
http://pastebin.com/9NUt8Pk0

Here are the ISC advisories:

http://www.isc.org/software/bind/advisories/cve-2011-2464
http://www.isc.org/software/bind/advisories/cve-2011-2465

The oldest affected version is 9.6'ish, and the advisories explicitly
say that "Other versions of BIND 9 not listed in this advisory are not
vulnerable to this problem."  So those of us with older BIND 9 appear to
have nothing to do on this. ;-)  (Of course, we might have other/older
issues to patch.)

Alexander


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault