An apparent delay in the availability of patches for the vulnerabilities in BIND that were disclosed earlier this week is once again highlighting the seemingly endless debate over when and to whom vulnerability data should be released.
Internet Security Systems Inc.'s X-Force research team on Tuesday released an advisory warning of three newly discovered vulnerabilities in BIND (Berkeley Internet Name Domain) versions 4 and 8. One of the flaws allows a remote attacker to take over a vulnerable server and run any code of choice.
ISS officials said that they did not believe that the vulnerabilities were known in the computer underground or were being actively exploited by crackers. The advisory also said that patches for the problems were ready and provided an e-mail address at the Internet Software Consortium where users could request the patches.
The link for this article located at eWeek is no longer available.
