Re: BIND

[Ken Connelly <Ken.Connelly@xxxxxxx>]

Thanks, Ralph.  Alan Clegg from ISC has stated publicly 
(http://lists.sans.org/pipermail/unisog/attachments/20080708/de25682c/attachment.eml) 
that BIND 8 is also vulnerable, but won't be patched by ISC since that 
version is no longer supported by ISC.

- ken

Ralph Young wrote:
> Hi Ken -
>
> We are looking at the vulnerability now and will be patching Bind 9.
>
> It's not clear yet if it is also a vulnerability in Bind 8.x
>
> -Ralph Young
> Process Software
>
> -----Original Message-----
>
> Presumably the BIND 8 in MultiNet 5.1 (and earlier) and the BIND 9 in 
> MultiNet 5.2 are affected by the cache poisoning vulnerability 
> announced yesterday.  Are there plans to fix both?  Or just the BIND 9 
> since that is all that ISC is patching?  In either case, do you have a 
> timeframe?
>
> To make this an official request, there's a Bcc: to 
> service@xxxxxxxxxxx as well as the general query to the list.
>
> Thanks!

--
- Ken
=================================================================
Ken Connelly             Associate Director, Security and Systems
ITS Network Services                  University of Northern Iowa
email: Ken.Connelly@xxxxxxx   p: (319) 273-5850 f: (319) 273-7373