[olug] DNS exploit VU#800113 - should be we alarmed?
Dan Linder
dan at linder.org
Tue Jul 15 22:07:13 UTC 2008
For my fellow Debian and Ubuntu users, I believe the bind updates that came
out last week were for this issue.
Just as a point of reference, I try to run this script (called "doup")
fairly regularly on my servers:
#!/bin/sh
ARG="-y -d"
apt-get $ARG update && apt-get $ARG upgrade && apt-get $ARG dist-upgrade &&
echo Done with no errors. && date
If the output shows that some files were downloaded, then I can review them
and perform an "apt-get upgrade" and/or "apt-get dist-upgrade" to actually
install the latest patches.
Dan
On Tue, Jul 15, 2008 at 1:32 PM, Jay Hannah <jay at jays.net> wrote:
> Apparently Paul Vixie (who invented DNS) is freaked out about a DNS
> exploit which will be released to the wild on August 7:
>
> http://www.circleid.com/posts/87143_dns_not_a_guessing_game/
> http://www.kb.cert.org/vuls/id/800113
>
> Is anyone on top of this?
>
> Should we be alarmed?
>
> Thanks,
>
> j
>
>
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> http://lists.olug.org/mailman/listinfo/olug
>
--
"Quis custodiet ipsos custodes?" (Who can watch the watchmen?) -- from the
Satires of Juvenal
"I do not fear computers, I fear the lack of them." -- Isaac Asimov (Author)
** *** ***** ******* *********** *************
More information about the OLUG
mailing list