BSD Today: BIND news and DNS alternativesFeb 03, 2001, 01:37 (4 Talkback[s])
(Other stories by Jeremy C. Reed)
"Lately, there's been a lot of news about BIND. First of all, a new bug was found in BIND 8. Basically, a problem in the transaction signature handling code could allow a buffer overflow which allowed code to be executed as the user running the nameserver. Then secondly, remote attackers can get information about the running bind process from environment variables and the stack. Security problems in BIND are not new news. In fact, one of my name servers was attacked almost a year ago due to a buffer overflow problem. ..."
"... (It is interesting to note that a small monetary award is available to the "first person to publicly report a verifiable security hole in the latest version of djbdns.")"