Re: SNI-12: Update

[perry () piermont com (Perry E. Metzger)]

Oliver Friedrichs writes:
> I apologize for causing more traffic on this, however the patches in the
> advisory "SNI-12: BIND Vulnerabilities and Solutions" were modified by PGP
> when signing the message and will not apply without some hacking.
>
> Copies of the patches (both context and unified formats) can be obtained
> from ftp://ftp.secnet.com/pub/patches.

The patches given seem woefully inadequite in several respects -- a
bad, easily predicted pseudorandom number generator being just one of
the problems.

The right technque is probably to adapt the methods used to prevent
TCP sequence number guessing that were proposed by Steve Bellovin in
RFC1948.

Perry

> A Windows NT version of the fixed BIND should also be availible soon until
> an official release is made (this is not the Microsoft DNS server, however
> BIND ported to Windows NT).  It will be availible in the same directory.
>
> - Oliver
>
>  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>    Secure Networks Incorporated.  Calgary, Alberta, Canada, (403) 262-9211