Bind 8.2.3 rel secure?

Sat Apr 14 07:47:37 UTC 2001

>>>>> "Nick" == Nick Simicich <njs at spamcop.net> writes:

    Nick> A few weeks ago, someone posted here claiming that someone
    Nick> had a hack that would break 8.2.3 REL and that they were
    Nick> threatening to release a Lion worm variant that would crawl
    Nick> through the hole.

These claims are groundless. There are no known security holes in
BIND8.2.3. Some of the release candidates for 8.2.3 were vulnerable
but the holes were plugged before the final release was made. This has
caused a few people to confuse those beta releases with the finished
article. 

As a general rule, upgrading to BIND9 is the best option. It is much
more scrupulous about checking its input. Therefore it can be expected
to be less susceptible to buffer overflow attacks which are the main
cause of the security problems in BIND4 and BIND8.