Hosting Provided By

patch for named buffer overflow now available

From: Todd C. Miller <Todd.Miller(at)courtesan.com>
Date: Thu Nov 14 2002 - 21:12:41 EST

A patch for the named buffer overflow is now available. The bug could allow an attacker to execute code as the user that named runs as. In the default OpenBSD named configuration, named runs as its own, non-root, user in a chrooted jail. This lessens the impact of the bug to the level of a denial of service. Anyone not running named chrooted should start to do so immediately.

For more information on the bug, please see: http://www.isc.org/products/BIND/bind-security.html http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469

The fix has been committed to OpenBSD-current as well as to the 3.2, 3.1 and 3.0 -stable branches.

The following patches are also available for OpenBSD 3.2, 3.1 and 3.0 respectively:

ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/005_named.patchftp://ftp.openbsd.org/pub/OpenBSD/patches/3.1/common/019_named.patchftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/036_named.patch

Received on Thu Nov 14 21:14:56 2002

This message: [ Message body ]
Next message: Todd C. Miller: "patch for cvs security issue available"
Previous message: Miod Vallat: "(no subject)"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 13:46:07 EDT