[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [atlarge-discuss] Serious Flaws Found in BIND Server Software
Jefsey and all stakeholders or other interested parties and members,
Unfortunately again Jefsey you are again a bit behind the curve
in your comments/statements below to Sotiris's article notification.
First, Bind 9.3 is a base line only for recommended use. As I and
a number of our [INEGroup] members have been working
with Richard Clark and Andrew Card on the cybersecurity
effort, a version of BindPlus is currently Preferred, and may
be required, despite the IETF's and ICANN's objections.
Those objections are that BindPlus is not open source
software even though neither ICANN or the IETF actually
produce any code...
Second as Sotiris's article rightly points out, older versions
of Bind (v4-v8) have had the proper patches applied or
available to be applied to fix the current known security holes
that exist.
J-F C. (Jefsey) Morfin wrote:
> Right now only djbdns and Bind 9.3 should be used. The mere fact that a
> large number of Bind 4 are still in use shows the difficulty to consider
> the Internet as a network. This is the real challenge of the White House
> Cyberspace Security team. And ours. jfc
>
> On 04:37 13/11/02, Sotiris Sotiropoulos said:
>
> >http://www.eweek.com/article2/0,3959,696200,00.asp
> >
> >"Security researchers have discovered several serious new
> >vulnerabilities in the BIND software that runs on the vast
> >majority of the Internet's DNS servers. The most serious
> >flaw, a buffer overrun in both BIND 4 and BIND 8, enables
> >an attacker to execute arbitrary code on a vulnerable
> >server.
> >
> >The Internet Software Consortium, which maintains the free
> >BIND (Berkeley Internet Name Domain) software, has
> >released patches for both affected versions. "
> >
> >
> >Sincerely,
> >
> >Sotiris Sotiropoulos
> >
> >
> >---------------------------------------------------------------------
> >To unsubscribe, e-mail: atlarge-discuss-unsubscribe@lists.fitug.de
> >For additional commands, e-mail: atlarge-discuss-help@lists.fitug.de
> >
> >
> >
> >---
> >Incoming mail is certified Virus Free.
> >Checked by AVG anti-virus system (http://www.grisoft.com).
> >Version: 6.0.410 / Virus Database: 231 - Release Date: 31/10/02
>
> ------------------------------------------------------------------------
>
> Part 1.2 Type: Plain Text (text/plain)
Regards,
--
Jeffrey A. Williams
Spokesman for INEGroup - (Over 127k members/stakeholders strong!)
CEO/DIR. Internet Network Eng/SR. Java/CORBA Development Eng.
Information Network Eng. Group. INEG. INC.
E-Mail jwkckid1@ix.netcom.com
Contact Number: 214-244-4827 or 972-244-3801
Address: 5 East Kirkwood Blvd. Grapevine Texas 75208
---------------------------------------------------------------------
To unsubscribe, e-mail: atlarge-discuss-unsubscribe@lists.fitug.de
For additional commands, e-mail: atlarge-discuss-help@lists.fitug.de