You might wish to note that there is a fix: upgrade to 8.2.2 patchlevel 3. Of course, this will be obvious to anyone who follows the link... but for those that don't, the "Workaround: None" part will give the wrong impression. Rich On Wed, 10 Nov 1999, Elias Levy wrote: > http://www.isc.org/products/BIND/bind-security-19991108.html > > > Name: "nxt bug" > > Versions affected: 8.2, 8.2 patchlevel 1, 8.2.1 > Severity: CRITICAL > Exploitable: Remotely > Type: Access possible > > Description: > > A bug in the processing of NXT records can theoretically allow an > attacker to gain access to the system running the DNS server at > whatever privilege level the DNS server runs at. > > Workarounds: > > None. > > Active Exploits: > > At this time, ISC is unaware of any active exploits of this > vulnerability however given the potential access this vulnerability > represents, it is probable scripts will be created in the near future > that make use of this vulnerability. > > -- > Elias Levy > Security Focus > http://www.securityfocus.com/ >
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:11:05 PDT