|
The real hoot is that we contracted with IBM to do "benevolent hacking" on our network. And one of our dns servers is running bind 8. IBM's recommendation was to upgrade our DNS server. So I opened a pmr, and then a DCR to get an upgrade to the bind level. IBM's reply to both requests was basically to go get bent and the upgrade wasn't needed. Hello, left hand, meet right hand... IBM's exact wording from the benevolent hacking team: BIND is vulnerable to a buffer overflow. Multiple SIG resource records sent from an attacker controlled DNS server could crash the server or execute arbitrary code. This would enable attackers to gain control of the system. For more information, please see Remote Execution of Code in BIND Affected hosts: (deleted from this email) Recommendation: BIND 8.3.4 has been released. Always upgrade to the latest version. Consider upgrading to BIND 9 or later. A workaround is available through disabling recursion (see references). Contact ISC for patch information. Rob Berendt
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
