Re: Vulnerability Note VU#800113 - Multiple DNS implementations vulnerable to cache poisoning

view
thread

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

To: <misc@...>

Subject: Re: Vulnerability Note VU#800113 - Multiple DNS implementations vulnerable to cache poisoning

Date: Wednesday, July 9, 2008 - 11:29 am

On Wed, Jul 09, 2008 at 04:52:39PM +0200, Mathieu SEGAUD wrote:

quoted text> Vous m'avez dit ricemment :

>

> > Good morning,

> >

> > Today, I'm received alert from one of my friends regarding to

> > Vulnerability Note VU#800113 - Multiple DNS implementations vulnerable

> > to cache poisoning.

> > http://www.kb.cert.org/vuls/id/800113

> >

> > I checked the above site, and found that most of the *BSD status are

> > unknown. Is this bug affected OpenBSD default bind dns?

>

> OpenBSD's named is affected.

> It is a flow in the DNS protocol, which means potentially *all*

> implementations are affected...
Credit where credit is due: djbdns isn't.
Without specifics on the issue, I can't tell if OpenBSD's bind is truly

vulnerable, but it certainly does use a fixed source port.
--

David Terrell

dbt@meat.net

((meatspace)) http://meat.net/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Vulnerability Note VU#800113 - Multiple DNS implementations ..., Zamri Besar, (Wed Jul 9, 10:45 am)

Re: Vulnerability Note VU#800113 - Multiple DNS implementati..., Pete Vickers, (Thu Jul 10, 4:15 am)

Re: Vulnerability Note VU#800113 - Multiple DNS implementati..., Peter N. M. Hansteen, (Thu Jul 10, 4:24 am)

Re: Vulnerability Note VU#800113 - Multiple DNS implementati..., Andreas Maus, (Wed Jul 9, 11:20 am)

Re: Vulnerability Note VU#800113 - Multiple DNS implementati..., Mathieu SEGAUD, (Wed Jul 9, 10:52 am)

Re: Vulnerability Note VU#800113 - Multiple DNS implementati..., David Terrell, (Wed Jul 9, 11:29 am)

Re: Vulnerability Note VU#800113 - Multiple DNS implementati..., Mathieu SEGAUD, (Wed Jul 9, 12:14 pm)

Re: Vulnerability Note VU#800113 - Multiple DNS implementati..., Zamri Besar, (Wed Jul 9, 1:02 pm)

Navigation

Popular discussions


linux-kernel:
Bart Van Assche	Integration of SCST in the mainstream Linux kernel
Jan Engelhardt	intel iommu (Re: -mm merge plans for 2.6.23)
Greg KH	[GIT PATCH] driver core patches against 2.6.24
Pavel Roskin	ndiswrapper and GPL-only symbols redux
git:

linux-netdev:
David Miller	Re: [PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
Gerrit Renker	[PATCH 27/37] dccp: Integration of dynamic feature activation - part 2 (server side)
David Miller	Re: mac80211 truesize bugs
David Miller	Re: [GIT]: Networking
openbsd-misc:

Colocation donated by: