On Mon, 18 May 1998 22:36:47 -0400, <[EMAIL PROTECTED]> wrote:
> The redhat update DOES NOT fix the problem. I have tested this exploit
> against the absolute latest bind RPM's from ftp.redhat.com, and that
> version IS VULNERABLE, or I would not have posted this. This vulnerability
> is affecting systems across the Internet, and I think it should be
> seriously looked into.
Are you talking about the bind vulerability test program that was posted to
bugtraq? This is the only bind 'exploit' (even though it isn't one) that I
have seen.
All that program tests for is whether or not the remote server has recursive
queries and fake queries response turned on. This program will happily report
that a server is vulerable if these conditions are met even if the server has
been patched against them.
--
Bryan C. Andregg * <[EMAIL PROTECTED]> * Red Hat Software
"So hang the brand-name ego at the door and think about what I'm saying" -
Peter Da Silva
--
PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
http://www.redhat.com/RedHat-FAQ /RedHat-Errata /RedHat-Tips /mailing-lists
To unsubscribe: mail [EMAIL PROTECTED] with
"unsubscribe" as the Subject.