Re: Vulnerability Note VU#800113 - Multiple DNS implementations vulnerable to cache poisoning

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: Mathieu SEGAUD <mathieu.segaud@...>

To: David Terrell <dbt@...>

Cc: <misc@...>

Subject: Re: Vulnerability Note VU#800113 - Multiple DNS implementations vulnerable to cache poisoning

Date: Wednesday, July 9, 2008 - 12:14 pm

Vous m'avez dit ricemment :
> On Wed, Jul 09, 2008 at 04:52:39PM +0200, Mathieu SEGAUD wrote:

quoted text>> Vous m'avez dit ricemment :

>>

>> > Good morning,

>> >

>> > Today, I'm received alert from one of my friends regarding to

>> > Vulnerability Note VU#800113 - Multiple DNS implementations vulnerable

>> > to cache poisoning.

>> > http://www.kb.cert.org/vuls/id/800113

>> >

>> > I checked the above site, and found that most of the *BSD status are

>> > unknown. Is this bug affected OpenBSD default bind dns?

>>

>> OpenBSD's named is affected.

>> It is a flow in the DNS protocol, which means potentially *all*

>> implementations are affected...

>

> Credit where credit is due: djbdns isn't.
good to know. thanks. thus "potentially"
> Without specifics on the issue, I can't tell if OpenBSD's bind is truly

quoted text> vulnerable, but it certainly does use a fixed source port.
Stuart Henderson already answered this question on misc@ (12:10 UTC,

today). Named is vulnerable. The resolver is not :)
--

Mathieu

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Vulnerability Note VU#800113 - Multiple DNS implementations ..., Zamri Besar, (Wed Jul 9, 10:45 am)

Re: Vulnerability Note VU#800113 - Multiple DNS implementati..., Pete Vickers, (Thu Jul 10, 4:15 am)

Re: Vulnerability Note VU#800113 - Multiple DNS implementati..., Peter N. M. Hansteen, (Thu Jul 10, 4:24 am)

Re: Vulnerability Note VU#800113 - Multiple DNS implementati..., Andreas Maus, (Wed Jul 9, 11:20 am)

Re: Vulnerability Note VU#800113 - Multiple DNS implementati..., Mathieu SEGAUD, (Wed Jul 9, 10:52 am)

Re: Vulnerability Note VU#800113 - Multiple DNS implementati..., David Terrell, (Wed Jul 9, 11:29 am)

Re: Vulnerability Note VU#800113 - Multiple DNS implementati..., Mathieu SEGAUD, (Wed Jul 9, 12:14 pm)

Re: Vulnerability Note VU#800113 - Multiple DNS implementati..., Zamri Besar, (Wed Jul 9, 1:02 pm)


linux-kernel:
Bart Van Assche	Integration of SCST in the mainstream Linux kernel
David Miller	Re: 2.6.25-rc8: FTP transfer errors
debian developer	Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Ingo Molnar	Re: [patch] sched_clock(): cleanups
git:

linux-netdev:
Gerrit Renker	[PATCH 27/37] dccp: Integration of dynamic feature activation - part 2 (server side)
Arjan van de Ven	Re: [GIT]: Networking
Jarek Poplawski	Re: [PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
Evgeniy Polyakov	Re: [BUG] New Kernel Bugs
openbsd-misc:

Re: Vulnerability Note VU#800113 - Multiple DNS implementations vulnerable to cache poisoning

Online users