Bug 104705 - Delegation-only patch for bind
Delegation-only patch for bind
Status: CLOSED RAWHIDE
Product: Red Hat Linux
Classification: Retired
Component: bind (Show other bugs)
7.3
All Linux
high Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Ben Levenson
http://www.isc.org/products/BIND/dele...
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2003-09-19 10:12 EDT by Need Real Name
Modified: 2007-03-27 00:09 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2003-09-24 09:52:07 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Need Real Name 2003-09-19 10:12:18 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4b) Gecko/20030516
Mozilla Firebird/0.6

Description of problem:
Please see Bug #104569
Please consult media for reports on verisign mis-handling .com / .net wildcards.
Please consider the effects on email systems / spam blocking / security.
Please include delegation patch in update to RH7.3 (or ALL) bind packages.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Use non-patched bind
2. Permits wildcard lookup 
3. BAD BAD BAD - please add patch
    

Additional info:
Comment 1 Dean K. Gibson 2003-09-20 20:42:52 EDT
I agree.  While technically not a bug, this fix is required for security 
features in other products to function properly;  eg, Sendmail and Postfix.  
Plus, having the fix available on RedHat would encourage wide adoption, which 
in turn would nullify the effects of VeriSign's "hijacking" of the purposes and 
RFC functions of the root servers.

The second BIND patch for this issue has been released.  I can understand if 
you want to wait a day or two for the dust to settle (the first patch has minor 
issues), but at least make some sort of announcement that a new RPM will be 
forthcoming.
Comment 2 Chris Stankaitis 2003-09-24 09:31:06 EDT
Please add this patch to give RH users running bind the ability to block out
VeriSign SiteFinder.

RedHat seems to be laging behind in their response to this issue, it's a serious
concern to many System Admins and should be addressed with a new RPM patch ASAP.
Comment 3 Daniel Walsh 2003-09-24 09:52:07 EDT
The patch is available on RawHide bind-9.2.2-23

Dan
Comment 4 Dean K. Gibson 2003-09-24 11:47:34 EDT
No one who is following the ISC BIND9 list will want Bind-9.2.2-23, which only 
contains the first ISC patch and is defective and creates problems.  ISC's -P4 
patch is apparently stable, and should be built & released as an RPM.

Note You need to log in before you can comment on or make changes to this bug.