The redhat update DOES NOT fix the problem. I have tested this exploit
against the absolute latest bind RPM's from ftp.redhat.com, and that
version IS VULNERABLE, or I would not have posted this. This vulnerability
is affecting systems across the Internet, and I think it should be
seriously looked into.
At 12:32 AM 5/19/98 +0200, you wrote:
>On 18-May-98 W. Bryan Caudle wrote:
>> Has anyone out there found an RPM for bind 4.9.7? We have had some
>> attacks
>> on bind 4.9.6-7 (latest RPM from RedHat) and I am told that 4.9.7
>> supposedly fixes the problem. I have contacted RedHat, but have gotten
>> no
>> response (GRRR...).
>> This is apparently a CERT reported vulnerability, and I would expect
>> RedHat
>> to have taken some action and built an updated RPM to solve this
>> serious
>> security problem that allows root access to any machine running named.
>> I
>> have tried compiling from source, but without any luck. Any help would
>> be
>> greatly appreciated.
>
>Redhat published an update just before the CERT announce.
>
>> -----------------------------------------------------------------------
>> W. Bryan Caudle
>
>ciao
>andrea
>
>
>--
> PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
>http://www.redhat.com/RedHat-FAQ /RedHat-Errata /RedHat-Tips /mailing-lists
> To unsubscribe: mail [EMAIL PROTECTED] with
> "unsubscribe" as the Subject.
>
-----------------------------------------------------------------------
W. Bryan Caudle
President
Commonwealth Technical Services, Inc.
Voice: 804-639-5400 Fax: 804-739-7007
http://www.ctsi.net
--
PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
http://www.redhat.com/RedHat-FAQ /RedHat-Errata /RedHat-Tips /mailing-lists
To unsubscribe: mail [EMAIL PROTECTED] with
"unsubscribe" as the Subject.