From owner-FreeBSD-users-jp@jp.freebsd.org  Sun Nov 24 22:19:10 1996
Received: by jaz.jp.freebsd.org (8.8.3+2.6Wbeta9/8.7.3) id WAA16319
	Sun, 24 Nov 1996 22:19:10 +0900 (JST)
Received: by jaz.jp.freebsd.org (8.8.3+2.6Wbeta9/8.7.3) with ESMTP id WAA16314
	for <FreeBSD-users-jp@jp.freebsd.org>; Sun, 24 Nov 1996 22:19:09 +0900 (JST)
Received: from yuri.hyg.med.kyoto-u.ac.jp (pp4.st.med.kyoto-u.ac.jp [130.54.88.26]) by st.med.kyoto-u.ac.jp (8.8.2+2.6Wbeta9/3.5W10/16/96) with SMTP id WAA20496 for <FreeBSD-users-jp@jp.freebsd.org>; Sun, 24 Nov 1996 22:17:46 +0900 (JST)
Message-Id: <9611241313.AA00199@yuri.hyg.med.kyoto-u.ac.jp>
From: Kazuhisa YUKI <yuki@st.med.kyoto-u.ac.jp>
Date: Sun, 24 Nov 1996 22:13:31 +0900
To: FreeBSD-users-jp@jp.freebsd.org
MIME-Version: 1.0
X-Mailer: AL-Mail 1.30
Content-Type: text/plain; charset=iso-2022-jp
Reply-To: FreeBSD-users-jp@jp.freebsd.org
X-Distribute: distribute [version 2.1 (Alpha) patchlevel=19]
X-Sequence: FreeBSD-users-jp 6746
Subject: [FreeBSD-users-jp 6746] BIND security
Errors-To: owner-FreeBSD-users-jp@jp.freebsd.org
Sender: owner-FreeBSD-users-jp@jp.freebsd.org

$B7k>k!w5~Bg$G$9!#(J

$B>/$7A0$K!"(Jfj.comp.security$B$K(JBIND$B$N%;%-%e%j%F%#%[!<%k$K$D$$$F$N(J
$B5-;v$,$"$C$?$N$G!"FC$K?<$/FI$_$b$7$J$$$G!"<h$j$"$($:!"(Jlibresolv.a$B$H(Jarpa.h
$B$OJLL>$K$7$F!"(J4.9.5$B$KF~$lBX$($?$N$G$9$,!"$5$C$-!"$h$/$h$/L\$rDL$7$F$_$?$i(J
$B!"6=L#?<$$$3$H$,=q$$$F$"$C$?$N$G!"(J2.1.0-RELEASE+bind4.9.4p1$B$N%^%7%s$G(J
$B=q$$$F$"$k$3$H$r;n$7$F$_$?$N$G$9$,!"(J
> [oliver@oakmont] [Dec 31 1969 11:58:59pm] [~]% whoami
> oliver
> [oliver@oakmont] [Jan 01 1970 00:00:01am] [~]% rlogin 
random-domain.com
> random-domain.com: Connection refused
> # whoami
> root
>
$B$NMM$J$3$H$O!"1Q8lNO$NM}2r$NLdBj$b$"$j!":F8==PMh$^$;$s$G$7$?!#(J

Solaris$B$G$OBg>fIW$H$+=q$$$F$"$C$?$N$G$9$,!"(JFreeBSD$B$G$O!"(JBIND$B$KBP$9(J
$B$kBP:v$OI,MW$J$s$G$7$g$&$+(J?
$B$^$?!"$=$N;~$O!"(Jlibresolv.a$B$b(Jarpa.h$B$bF~$lBX$($,I,MW$J$s$G$7$g$&$+!#(J

----------
> $B:9=P?M(J : Oliver Friedrichs <oliver@secnet.com>
> $B08@h(J : 
> $B7oL>(J : Serious BIND resolver problem
> $BAw?.F|;~(J : 1996$BG/(J11$B7n(J19$BF|(J 14:53
> 
>                         ######    ##   ##    ######
>                         ##        ###  ##      ##
>                         ######    ## # ##      ##
>                             ##    ##  ###      ##
>                         ###### .  ##   ## .  ###### .
> 
>                             Secure Networks Inc.
> 
>                              Security Advisory
>                              November 18, 1996
> 
>                     Vulnerability in Unchecked DNS Data.
> 
> In research for our upcoming network auditing tool, we have uncovered 
a
> serious problem present in implementations of BIND which trust invalid
data
> sent to them.  This vulnerability specifically applies to hostname to
address
> resolution and can result in local and remote users obtaining root
privileges.
> 
> It is recommended that security conscious users upgrade to the latest
version
> of the BIND resolver immediately.  Information on obtaining the latest
> official release is provided at the end of this message.
> 
$B0J2<N,!#(J

=============================================
  $B7k>k(J $BOB1{!w5~Bg0e3XIt(J
     E-mail: yuki@st.med.kyoto-u.ac.jp
             KFC03754@niftyserve.or.jp
     http://www.st.med.kyoto-u.ac.jp/~yuki/
=============================================
