Bind 8.2.3 rel secure?
Brad Knowles
brad.knowles at skynet.be
Sat Apr 14 00:41:34 UTC 2001
At 7:45 PM -0400 4/13/01, Nick Simicich wrote:
> A few weeks ago, someone posted here claiming that someone had a hack that
> would break 8.2.3 REL and that they were threatening to release a Lion worm
> variant that would crawl through the hole. The implication was that an
> upgrade to Bind 9 was absolutely required.
I read that too.
> Does anyone know anything more about this? Have there been any cracks of
> machines running 8.2.3 REL (using a hole in bind) or was this just an
> attempt to start a baseless rumor?
I have since gotten confirmation that there is no such hole in
BIND 8.2.3-REL. I would still encourage folks to use BINDv9 as soon
as is feasible for them to do so (because that is the future), but
BIND 8.2.3-REL is safe from all known attacks and there are no
substantiated vulnerabilities that are currently being investigated.
--
Brad Knowles, <brad.knowles at skynet.be>
/* efdtt.c Author: Charles M. Hannum <root at ihack.net> */
/* Represented as 1045 digit prime number by Phil Carmody */
/* Prime as DNS cname chain by Roy Arends and Walter Belgers */
/* */
/* Usage is: cat title-key scrambled.vob | efdtt >clear.vob */
/* where title-key = "153 2 8 105 225" or other similar 5-byte key */
dig decss.friet.org|perl -ne'if(/^x/){s/[x.]//g;print pack(H124,$_)}'
More information about the bind-users
mailing list