This website is deprecated, and remains online only for historic access to old issues and docs for historic versions of Virtualmin. It has been unmaintained for several years, and should not be relied on for up-to-date information. Please visit www.virtualmin.com instead.

DNS Exploit vulnerability found

13 posts / 0 new

Topic locked

Last post

#1 Tue, 07/08/2008 - 13:02

velvetpixel

DNS Exploit vulnerability found

A new DNS vulnerability has been found!

Story

[url=http://it.slashdot.org/article.pl?sid=08/07/08/195225&from=rss]Second Story[/url]

#2 Tue, 07/08/2008 - 17:05

ronald

hm, i wonder how long it will take for Centos to release that patch. I hope this year......

#3 Tue, 07/08/2008 - 17:29 (Reply to #2)

sgrayban

Debian already has released the security update for bind.

#4 Wed, 07/09/2008 - 01:36 (Reply to #3)

ronald

thx for the heads up. just updated.

#5 Thu, 07/17/2008 - 00:02 (Reply to #4)

David.Strejc

Jus little advice.

Use FreeBSD.

;o)))

#6 Fri, 07/18/2008 - 17:12 (Reply to #5)

Joe

<div class='quote'>Use FreeBSD.</div>

Because FreeBSD doesn't run BIND! Oh, wait...it does run BIND. What were you saying, again? ;-)

--

Check out the forum guidelines!

#7 Sat, 07/19/2008 - 14:18 (Reply to #6)

sgrayban

What does FreeBSD have to do with BIND ?

If there is a security issue with a program it does care what distro it is because all will have the same security weakness that's why we UPDATE !

#8 Sat, 07/19/2008 - 14:18 (Reply to #7)

sgrayban

opps *doesn't* care

#9 Sat, 07/26/2008 - 22:48 (Reply to #8)

velvetpixel

Apparently this exploit is in the wild now.

#10 Sun, 07/27/2008 - 00:45 (Reply to #9)

sgrayban

who cares - everyone should be updated by now and if they aren't they need to start paying attention to there distro's updates.

#11 Sun, 07/27/2008 - 01:32 (Reply to #10)

sgrayban

If you are scared that your DNS is crap look at http://www.doxpara.com/ -- BTW the Apple idiots FAILED to update there DNS servers LOL

#12 Sun, 07/27/2008 - 11:28 (Reply to #11)

Joe

Yep, everybody needs to update BIND immediately, if you haven't already. It primarily effects recursive name servers, as it is a cache poisoning exploit--I don't believe it effects authoritative service at all, which is what most folks use BIND for in a Virtualmin system--but have trustworthy name service at all points in the chain is absolutely vital for security.

Imagine downloading a piece of software...asking for PHP.net, and instead getting badguys.net instead, which happens to have a complete mirror of the PHP.net website, and an exploited copy of PHP for you to download. Just an example, of course, and I expect most Virtualmin users are using RPM or deb packages, which are signed in modern systems--so you can know if you're getting a package from a trustworthy source or not, even if the download is compromised somehow.

--

Check out the forum guidelines!

#13 Tue, 07/08/2008 - 22:36

gregv

Centos as a bind update available. I just installed it via yum.

Topic locked