Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CACYkhxi6-E=iUUFaT+fHbF5BKuznFjkpaKuF44vm1-yc6axEKw@mail.gmail.com>
Date: Mon, 17 Feb 2014 21:54:02 +1100
From: Michael Samuel <mik@...net.net>
To: oss-security@...ts.openwall.com
Subject: Re: CVE Request New-djbdns: dnscache: potential cache poisoning

On 17 February 2014 19:33, P J P <ppandit@...hat.com> wrote:

>   Hello,
>
> +-- On Wed, 12 Feb 2014, P J P wrote --+
> | +-- On Wed, 12 Feb 2014, Michael Samuel wrote --+
> | | >  -> http://www.openwall.com/lists/oss-security/2014/02/11/7
> | | The same issue, different result.
> |
> |   Yes, true. Thank you for confirming.
>
>   So, does this qualify for a CVE?


I think I've come around to a yes for this one. Pushing attacker-chosen
entries
out of the cache after only 100 packets is clearly not what the admin
wants.  It
makes a secondary attack (DNS over UDP blind cache poisoning) much more
viable than it was.

I can think of some DoS scenarios where this vector would assist another
attack.

Regards,
  Michael

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.