Re: Vulnerability Note VU#800113 - Multiple DNS implementations vulnerable to cache poisoning

view
thread

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

To: <misc@...>

Subject: Re: Vulnerability Note VU#800113 - Multiple DNS implementations vulnerable to cache poisoning

Date: Wednesday, July 9, 2008 - 11:29 am

On Wed, Jul 09, 2008 at 04:52:39PM +0200, Mathieu SEGAUD wrote:

quoted text> Vous m'avez dit ricemment :

>

> > Good morning,

> >

> > Today, I'm received alert from one of my friends regarding to

> > Vulnerability Note VU#800113 - Multiple DNS implementations vulnerable

> > to cache poisoning.

> > http://www.kb.cert.org/vuls/id/800113

> >

> > I checked the above site, and found that most of the *BSD status are

> > unknown. Is this bug affected OpenBSD default bind dns?

>

> OpenBSD's named is affected.

> It is a flow in the DNS protocol, which means potentially *all*

> implementations are affected...
Credit where credit is due: djbdns isn't.
Without specifics on the issue, I can't tell if OpenBSD's bind is truly

vulnerable, but it certainly does use a fixed source port.
--

David Terrell

dbt@meat.net

((meatspace)) http://meat.net/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Vulnerability Note VU#800113 - Multiple DNS implementations ..., Zamri Besar, (Wed Jul 9, 10:45 am)

Re: Vulnerability Note VU#800113 - Multiple DNS implementati..., Pete Vickers, (Thu Jul 10, 4:15 am)

Re: Vulnerability Note VU#800113 - Multiple DNS implementati..., Peter N. M. Hansteen, (Thu Jul 10, 4:24 am)

Re: Vulnerability Note VU#800113 - Multiple DNS implementati..., Andreas Maus, (Wed Jul 9, 11:20 am)

Re: Vulnerability Note VU#800113 - Multiple DNS implementati..., Mathieu SEGAUD, (Wed Jul 9, 10:52 am)

Re: Vulnerability Note VU#800113 - Multiple DNS implementati..., David Terrell, (Wed Jul 9, 11:29 am)

Re: Vulnerability Note VU#800113 - Multiple DNS implementati..., Mathieu SEGAUD, (Wed Jul 9, 12:14 pm)

Re: Vulnerability Note VU#800113 - Multiple DNS implementati..., Zamri Besar, (Wed Jul 9, 1:02 pm)

Navigation

Popular discussions


linux-kernel:
Linus Torvalds	Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Artem Bityutskiy	[RFC PATCH 06/26] UBIFS: add superblock and master node
Joe Perches	[PATCH 001/148] include/asm-x86/acpi.h: checkpatch cleanups - formatting only
Linus Torvalds	Re: LSM conversion to static interface
git:

linux-netdev:

Alexey Dobriyan	Re: [GIT]: Networking
Gerrit Renker	[PATCH 27/37] dccp: Integration of dynamic feature activation - part 2 (server side)
Christoph Lameter	Network latency regressions from 2.6.22 to 2.6.29
openbsd-misc:

Colocation donated by:

Online users

Syndicate