Re: Vulnerability Note VU#800113 - Multiple DNS implementations vulnerable to cache poisoning

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: Steve Shockley <steve.shockley@...>

To: <misc@...>

Subject: Re: Vulnerability Note VU#800113 - Multiple DNS implementations vulnerable to cache poisoning

Date: Wednesday, July 9, 2008 - 1:16 pm

bofh wrote:

quoted text> 1). They didn't contact openbsd about this
The Cert Advisory document (the MS Word doc file) claims that "OpenBSD"

was notified on 2008-5-5 11:24:02.  Obviously I have no idea if this is

true.  Since it seems almost everyone was caught without a patch on

disclosure day, the notification list seems suspect.
The notification timeline in the document is somewhat interesting.

Microsoft was notified first (okay, I understand the guy works there).

A bunch of large corporations were notified on April 21, then ISC was

notified on April 29.  On May 5, it looks like they finally decided to

notify everyone else.
I'm guessing they don't like Nixu, NetApp and Dragonfly, since they were

notified on Thursday, July 3 (the day before a long weekend in the US),

with public release on Tuesday July 8.

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Re: Vulnerability Note VU#800113 - Multiple DNS implementati..., Unix Fan, (Wed Jul 9, 11:48 am)

Re: Vulnerability Note VU#800113 - Multiple DNS implementati..., Giancarlo Razzolini, (Wed Jul 9, 1:06 pm)

Re: Vulnerability Note VU#800113 - Multiple DNS implementati..., Daniel A. Ramaley, (Wed Jul 9, 12:35 pm)

Re: Vulnerability Note VU#800113 - Multiple DNS implementati..., bofh, (Wed Jul 9, 12:22 pm)

Re: Vulnerability Note VU#800113 - Multiple DNS implementati..., Andreas Maus, (Wed Jul 9, 1:17 pm)

Re: Vulnerability Note VU#800113 - Multiple DNS implementati..., David Wilk, (Wed Jul 9, 1:58 pm)

Re: Vulnerability Note VU#800113 - Multiple DNS implementati..., STeve Andre', (Wed Jul 9, 2:40 pm)

Re: Vulnerability Note VU#800113 - Multiple DNS implementati..., Steve Fairhead, (Fri Jul 11, 6:22 pm)

Re: Vulnerability Note VU#800113 - Multiple DNS implementati..., Brian, (Wed Jul 9, 10:51 pm)

Re: Vulnerability Note VU#800113 - Multiple DNS implementati..., Theo de Raadt, (Wed Jul 9, 2:19 pm)

Re: Vulnerability Note VU#800113 - Multiple DNS implementati..., David Wilk, (Wed Jul 9, 4:05 pm)

Re: Vulnerability Note VU#800113 - Multiple DNS implementati..., Steve Shockley, (Wed Jul 9, 1:16 pm)

Re: Vulnerability Note VU#800113 - Multiple DNS implementati..., Theo de Raadt, (Wed Jul 9, 12:02 pm)


linux-kernel:
Michal Piotrowski	Re: 2.6.23-rc3-mm1
Tarkan Erimer	Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Fred Tyler	Slow, persistent memory leak in 2.6.20
Roland Dreier	Re: Integration of SCST in the mainstream Linux kernel
git:

linux-netdev:
David Miller	[GIT]: Networking
Jarek Poplawski	[PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
Gerrit Renker	[PATCH 27/37] dccp: Integration of dynamic feature activation - part 2 (server side)
Antonio Almeida	HTB accuracy for high speed
openbsd-misc:

Re: Vulnerability Note VU#800113 - Multiple DNS implementations vulnerable to cache poisoning

Online users