LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 01-31-2001, 08:29 PM   #1
jeremy
root
 
Registered: Jun 2000
Distribution: Debian, Red Hat, Slackware, Fedora, Ubuntu
Posts: 13,597

Rep: Reputation: 4080Reputation: 4080Reputation: 4080Reputation: 4080Reputation: 4080Reputation: 4080Reputation: 4080Reputation: 4080Reputation: 4080Reputation: 4080Reputation: 4080

4 more vulnerabilities were found in BIND. They are starting to catch up with wu-ftp

Versions 4.9.x prior to 4.9.8 and 8.2.x prior to 8.2.3 are affected. None of the 9.x series seem to be affected. The 4 vulnerabilities are:

- ISC BIND 8 contains buffer overflow in transaction signature (TSIG) handling code
- ISC BIND 4 contains buffer overflow in nslookupComplain()
- ISC BIND 4 contains input validation error in nslookupComplain()
- Queries to ISC BIND servers may disclose environment variables

The full advisory is available here - http://www.cert.org/advisories/CA-2001-02.html
Please upgrade!
Quote:
Since 1997, the CERT/CC has published twelve documents describing vulnerabilities or exploitation of vulnerabilities in BIND with information and advice on upgrading and preventing compromises. Unfortunately, many system and network administrators still have not upgraded their versions of BIND, making them susceptible to a number of vulnerabilities. Prior vulnerabilities in BIND have been widely exploited by intruders.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Apache - New Vulnerabilities (RH9) jon3k Linux - Security 4 11-18-2004 02:15 PM
IE Vulnerabilities, why not in other browsers? mandrakemikael Linux - Security 3 09-28-2004 11:43 AM
WARN: Kerberos Vulnerabilities Capt_Caveman Linux - Security 0 09-01-2004 08:53 PM
sendmail vulnerabilities odious1 Linux - Security 5 11-17-2003 09:06 AM
SSH Vulnerabilities and OpenSSH mikeyt_333 Linux - Security 3 01-09-2003 11:15 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 07:48 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration