BIND 8.2.4 vulnerability scope
Mark Andrews
Mark_Andrews at isc.org
Tue Jan 2 23:18:24 UTC 2007
> I've identified a bind 8.2.4 installation for which we are determining
> options for updating or remediating vulnerabilities. According the to
> the BIND vulnerability matrix, 8.2.4 is listed as vulnerable to a
> number of attacks, including, "libbind", "DoS_multi", "sigrec" and
> "negcache." From what I can tell, each of these relates to a flaw in
> handling of answers to recursive queries.
>
> Question is, is disabling recursion on the affected host enough to
> mitigate all known vulnerabilities against this software version, or
> do any of the known flaws work via non-recursive queries as well?
> Also, is the community aware of any holes in this version of the
> software that may not have made it into the vulnerability matrix that
> would warrant an update as well?
>
> I realize that the short answer is "just update" but the client likes
> to have the option of workarounds where possible.
>
> Thanks in advance,
>
> DS
BIND 8 is dead. The only part of BIND 8 that gets updated
these days is libbind and that is shipped as part of BIND 9.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the bind-users
mailing list