From nobody  Wed Aug 13 15:06:00 1997
Received: (from nobody@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id PAA02043;
          Wed, 13 Aug 1997 15:06:00 -0700 (PDT)
Message-Id: <199708132206.PAA02043@hub.freebsd.org>
Date: Wed, 13 Aug 1997 15:06:00 -0700 (PDT)
From: zigg@iserv.net
To: freebsd-gnats-submit@freebsd.org
Subject: named is vulnerable to DNS spoofing
X-Send-Pr-Version: www-1.0

>Number:         4299
>Category:       bin
>Synopsis:       named is vulnerable to DNS spoofing
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Aug 13 15:10:00 PDT 1997
>Closed-Date:    Tue Sep 30 21:45:01 MEST 1997
>Last-Modified:  Tue Sep 30 21:46:17 MEST 1997
>Originator:     Matt Behrens
>Release:        2.2.2-RELEASE
>Organization:
>Environment:
FreeBSD megaweapon.zigg.net 2.2.2-RELEASE FreeBSD 2.2.2-RELEASE #0: Fri Jun 13 03:02:39 EDT 1997     root@megaweapon.zigg.net:/usr/src/sys/compile/MEGAWEAPON  i386
>Description:
The named included with 2.2.2-RELEASE (4.9.4-p1) is vulnerable to DNS
spoofing by renegade domain name servers.  This spoofing can cause the
host to grant access to spoofed hosts with services that rely on hostname
authentication, such as the infamous "r" daemons.  It can also redirect
mail to other hosts or into the great void easily, as well as prevent
your access to services on certain hosts.
>How-To-Repeat:
Visit http://apostols.org/toolz/dnshack.cgi.  This will insert a bogus
name into your cache.  After visiting this page, you will note that
nslookup returns an address for this name.
>Fix:
Upgrade bind to the latest version, 8.1.1.  Note that this requires
replacing named.boot with named.conf, which can be taken care of with
an included Perl script.
>Release-Note:
>Audit-Trail:

From: tedm@toybox.placo.com
To: freebsd-gnats-submit@freebsd.org, zigg@iserv.net
Cc:
Subject: Re: bin/4299: named is vulnerable to DNS spoofing
Date: 3 Sep 1997 01:06:30

 Bind 8.1.1 and Bind 4.9.6 both fix this security hole.  The ISC recommends
 moving to 8.1.1, but 4.9.6 compiles under FreeBSD 2.2.1 and 2.2.2
 out-of-the-box, and can be used as a drop-in replacement for the version that
 comes with FreeBSD.
 
 More difficult is replacement of the shared resolver library and the
 utilities that use it, necessitating part of the source tree being installed.
 Certainly the most current version of bind ought to be used in future
 versions of FreeBSD.
 
 The thing is, though, that running a nameserver shouldn't be done for
 no reason, even a caching-only one.  The Internet is still friendly enough
 so that it is almost always easier to get someone else to serve your
 names for you than to go to the trouble of bringing up a nameserver
 yourself.
 
 If you are committed enough to running your own nameserver you should be
 following updates on the ISC's website and applying them as they are
 released.  This problem has been discussed on the CERT list, as well
 as mentioned in links from Network Solutions' website.
 
 Ted
 

From: Studded <Studded@dal.net>
To: freebsd-gnats-submit@freebsd.org, tedm@toybox.placo.com
Cc:
Subject: Re: bin/4299: named is vulnerable to DNS spoofing
Date: Mon, 29 Sep 1997 17:10:02 -0700

 This PR can probably be closed since BIND 4.9.6 has been migrated to
 -current and -stable.
 
 Doug
 
 PS, feel free to let me know if I should not be submitting suggestions
 this way.
State-Changed-From-To: open->closed 
State-Changed-By: joerg 
State-Changed-When: Tue Sep 30 21:45:01 MEST 1997 
State-Changed-Why:  

From: Studded <Studded@dal.net> 

This PR can probably be closed since BIND 4.9.6 has been migrated to 
-current and -stable. 
>Unformatted:
