Bug 447341

Summary: Identity Theft Hits the Root Name Servers
Product: [Fedora] Fedora Reporter: Marcus <marcus>
Component: bindAssignee: Adam Tkac <atkac>
Status: CLOSED CURRENTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: 7CC: ovasik, security-response-team
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://www.renesys.com/blog/2008/05/identity_theft_hits_the_root_n_1.shtml
Whiteboard:
Fixed In Version: 9.4.2-4.fc7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-05-21 11:10:20 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Marcus 2008-05-19 16:02:14 UTC 
Description of problem:


Version-Release number of selected component (if applicable):
bind-9.4.2-3.fc7

How reproducible:
outdated file

Steps to Reproduce:
1. none

Actual results:
Outdated root dns servers can give unexpected results sending a user to a 
malicious place.

Expected results:
Update the root servers list from internic.

Additional info:
none
Comment 1 Adam Tkac 2008-05-20 12:56:54 UTC 
This might be problem but I think it is not security issue as written in
https://bugzilla.redhat.com/show_bug.cgi?id=363541#c10
Comment 2 Adam Tkac 2008-05-20 13:18:27 UTC 
Btw from F7 named.ca only AAAA hints missing, so this is really not security problem
Comment 3 Fedora Update System 2008-05-20 14:25:57 UTC 
bind-9.4.2-4.fc7 has been submitted as an update for Fedora 7
Comment 4 Fedora Update System 2008-05-21 11:10:18 UTC 
bind-9.4.2-4.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.