--- Rick Moen <[EMAIL PROTECTED]> wrote: > Quoting likot ([EMAIL PROTECTED]): > > > well that was the first advisory but was > _corrected_ > >
> http://online.securityfocus.com/archive/1/280642/2002-09-17/2002-09-23/2 > > That's _not_ a CERT advisory, but rather a Bernstein i never said it was a cert advisory, as far as i can remember this was the thread that lead to that advisory being corrected ( meaning they released another advisory correcting themselves ) i was just pointing that out >>http://online.securityfocus.com/archive/1/280706/2002-09-17/2002-09-23/2 yes it was the analysis thats why i included it > > OK, but that corrects the advisory basically only in > giving more detail > and clarifying that most BSD-derived resolvers are > effected (including > the then-current glibc ones) because they used > derived/related code. yes, but it was correcting the first advisory saying that if you _use_ bind 9 cache you are safe ( which you qouted and the one i was correcting ) http://www.cert.org/advisories/CA-2002-19.html "Use of a local caching DNS server is not an effective workaround When this advisory was initially published, it was thought that a caching DNS server that reconstructs DNS responses would prevent malicious code from reaching systems with vulnerable resolver libraries. " that was the main point. > Quoting that advisory (in bold type, right near the > top): > God-only-knows-what reason? yes i never said it was a workable exploit i said there was an _issue_ > > See the thing about security advisories is that you > have to actually > _read_ them, before they're any use at all. > woke up on the wrong side of the bed again? my contribution to this thread ends here, thanks. -Dek likot at yahoo dot com __________________________________________________ Do you Yahoo!? New DSL Internet Access from SBC & Yahoo! http://sbc.yahoo.com _ Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph To leave: send "unsubscribe" in the body to [EMAIL PROTECTED] Fully Searchable Archives With Friendly Web Interface at http://marc.free.net.ph To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]
