Fri Nov 15 10:01:33 PST 2002 — BIND vulnerabilities. The Berkeley Internet Name Daemon (BIND) implements a DNS nameserver, and is the most popular name server on the planet. Sonic.net uses multiple versions of BIND to support name services. The Internet Software Consortium has just disclosed multiple vulnerabilities in multiple versions of BIND. For those of you running BIND, patches are available here:
www.isc.org/products/BIND/patches/
Sonic.net was on an early distribution list for the patches, which were received 10:30pm Tuesday night, and were applied and running by 11:30pm Tuesday night. Thus, Sonic.net’s vulnerable BIND installations have been secured for over two days already. -Scott and Kelsey