NT vs. Unix DNS

Mark.Andrews at nominum.com Mark.Andrews at nominum.com
Thu Apr 20 01:06:27 UTC 2000 

> Well, at least it is better than the following "workaround" (copied from
> http://www.isc.org/products/BIND/bind-security-19991108.html):

	A workaround is what can be done to the affected software to avoid
	the problem.  There is nothing you can do to 8.2, 8.2 patchlevel 1
	or 8.2.1 to make them safe.  The only solution is to upgrade.

	Upgrades are not workarounds.

	Also if you had looked at the whole page you would have seen that
	8.2.2 was safe.  See the table at the bottom.

	Mark

> ##################################
> Name: "nxt bug"
> Versions affected:     8.2, 8.2 patchlevel 1, 8.2.1
> Severity:     CRITICAL
> Exploitable:     Remotely
> Type:     Access possible
> 
> Description:
> A bug in the processing of NXT records can theoretically allow an attacker
> to gain access to the system running the DNS server at whatever privilege
> level the DNS server runs at.
> 
> Workarounds:
> None.
> 
> Active Exploits:
> At this time, ISC is unaware of any active exploits of this vulnerability
> however given the potential access this vulnerability represents, it is
> probable scripts will be created in the near future that make use of this
> vulnerability. [Since the original writing of this alert, such scripts have
> indeed been created. FYI. - ISC Webmaster]
> #################################
> 
> The bottom line is that every product has its own drawbacks. The thing with
> the open-source software is that you have the source code, but so do the
> hackers. Of course, one can always argue that Microsoft creates bloated and
> inefficient software.
> 
> - Art
> 
> Stephens, Bill <Bill.Stephens at fritolay.com> wrote in message
> news:200004172224.SAA00270 at briar.org...
> > Sure, the difference is simple.  With BIND DNS, you have the source
> > code, you can keep your DNS up to date, it is "the standard".  Or, you can
> > accept stuff like this as normal business (pay close attention to their
> > standard "workaround"):
> >
> > WORKAROUND
> > To avoid this problem, restart the server on a regular basis.
> >
> >
> 
> 
> 
> 
--
Mark Andrews, Nominum Inc. / Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at nominum.com

More information about the bind-users mailing list