new bind vuln

Michael H. Warfield mhw at
Wed Nov 13 13:45:08 UTC 2002

On Wed, Nov 13, 2002 at 12:21:07AM -0500, Michael H. Warfield wrote:
> On Wed, Nov 13, 2002 at 12:06:04AM -0500, Steven M. Bellovin wrote:

> > CERT said that the ISS advisory was to be released on 13 November, and 
> > that the patch would be available from ISC next week.  There was no 
> > indication about when CERT itself was going to issue an advisory, but 
> > clearly someone said something a day earlier than had been expected.

> 	Cool...  That nails it then.  CERT had it wrong.  I think
> Paul notified CERT, but I could be easily wrong on that and will verify...

	Checked it out.  We notified CERT (Paul or ISC may have as well,
I don't know about that).  Here is what we sent them...

]  -----Original Message-----
] From:         Ingevaldson, Dan (ISS Atlanta)
] Sent: Monday, November 11, 2002 5:40 PM
] To:   'CERT Coordination Center'
] Subject:      ISS advisory
] Team-
] This information was provided to us by ISC today on issues that ISS X-Force discovered. We will be releasing our security advisory tomorrow. Any questions regarding this material should be directed to the ISC security contact.
> >  <<bind_security_11082002.tar.gz.pgp>> > > <<bind_security_11082002.txt.pgp>>
> Regards,
> =============================
> Dan Ingevaldson
> Team Lead, X-Force R&D
> dsi at
> 404-236-3160
> Internet Security Systems, Inc.
> The Power to Protect
> <>
> =============================

	Note the date...  Note that we said "tomorrow".  Note that it
was also 5:40 PM EST.  I'll accept that the choice of terminology
probably led to the confusion, especially considering the late time.
If they processed the message on the 12th and didn't look at the date
in our notice then they could easily have gotten their date wrong.
I'll mention it to Dan that we should never use relative date
terminology in notices like this and to stick with absolute dates,
even if it is "tomorrow".

	I wonder if we need to start timestamping some of our notices
in addition to PGP signing them...  Another topic, another time...


> 	Thanks!

> > 		--Steve Bellovin, (me)
> > ("Firewalls" book)

 Michael H. Warfield    |  (770) 985-6132   |  mhw at
  /\/\|=mhw=|\/\/       |  (678) 463-0932   |
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 307 bytes
Desc: not available
URL: <>

More information about the NANOG mailing list