[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] BIND vulnerability

Subject: Re: [cobalt-users] BIND vulnerability
From: Jeff Lasman <jblists@xxxxxxxxxxxxx>
Date: Thu Feb 1 04:29:18 2001
Organization: nobaloney.net
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

Graeme Fowler wrote:

> Sorry to take you to task over this, Jeff, but Dom is exactly right. The
> *vulnerability* is there, sure, but all it gives you is the opportunity
> to run arbitrary code on the machine (where code in this case means CPU
> specific code) which may then give you remote access. What you do with
> that remote access (run a shell bound to a port, shutdown the machine,
> remove the zone files, whatever) is entirely dependent on the *exploit*
> code rather than the vulnerability itself.

I'll take my lashes, okay, but under mild protest <smile>, since I still
think you can run interpreted code on a RaQ to make use of an exploit.

Neverthless, maybe I'll go out and buy a few dozen old RaQ2s to use for
dns all over the world with old copies of bind <smile>.

Jeff
-- 
Jeff Lasman <jblists@xxxxxxxxxxxxx>
nobaloney.net
P. O. Box 52672
Riverside, CA  92517
voice: (909) 787-8589  *  fax: (909) 782-0205

Follow-Ups:
- Re: [cobalt-users] BIND vulnerability
  - From: Zeffie

References:
- RE: [cobalt-users] BIND vulnerability
  - From: Graeme Fowler

Prev by Date: [cobalt-users] Site Disk Usage Incorrect if "Email Server Alias" left blank
Next by Date: [cobalt-users] User not showing up in user list?
Previous by thread: Re: [cobalt-users] BIND vulnerability
Next by thread: Re: [cobalt-users] BIND vulnerability

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index