Re: BIND bugs of the month

From: David R. Conrad (David_Conradat_private)
Date: Sun Nov 14 1999 - 10:13:14 PST

Next message: Roger Fajman: "BIND 8.2.2-P5 release announcement"

Previous message: Georgi Guninski: "IE 5.0 and Windows Media Player ActiveX object allow checking the"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Dan,

> This NXT buffer overflow isn't part of some old code that Paul Vixie
> inherited from careless graduate students. It's new code.

Actually, most of the code is derived from a prototype DNSSEC implementation
done by John Gilmore and TIS quite a while back.  TIS (sorry, Network
Associates) contributed the revised implementation for the 8.2 release.

> Obviously ISC's auditing is inadequate.

For BINDv8, yes, it obviously was.

> Is ISC going to
> rewrite the client and server in a way that gives us confidence in
> their security?

BIND version 9 is a complete rewrite with an attempt to focus on
compartmentalization and auditability of the code.

Regards,
-drc

Next message: Roger Fajman: "BIND 8.2.2-P5 release announcement"
Previous message: Georgi Guninski: "IE 5.0 and Windows Media Player ActiveX object allow checking the"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:12:16 PDT