Recent ISS Security Announcement
Joseph S D Yao
jsdy at center.osis.gov
Thu Nov 14 22:13:40 UTC 2002
On Thu, Nov 14, 2002 at 03:23:23PM -0500, Ragnar Paulson wrote:
...
> Put another way, if I have named/bind configure to only allow recursion =
> to local users ... is this still remotely exploitable? =20
...
My understanding is that it is exploitable if the client can do
recursion ... so, in the case you posit, local users could exploit it
but remote users could not.
--
Joe Yao jsdy at center.osis.gov - Joseph S. D. Yao
OSIS Center Systems Support EMT-B
-----------------------------------------------------------------------
This message is not an official statement of OSIS Center policies.
More information about the bind-users
mailing list