Full Disclosure mailing list archives
Re: DNS Cache Dan Kamikaze (Actual Exploit Discussion)
From: Ureleet <ureleet () gmail com>
Date: Tue, 15 Jul 2008 14:14:05 -0400
n3td3v is mad because he can't afford black hat, and no one is telling him. so he's whining. dan said that the patches are intentionally obfuscated. On Tue, Jul 15, 2008 at 10:28 AM, Rob <spamproof () nospammail net> wrote:
Ureleet wrote:there can be no actual exploit discussion unless you have dan on the thread. dan? On Sun, Jul 13, 2008 at 3:50 PM, eugaaa () gmail com <eugaaa () gmail com> wrote:http://blogs.zdnet.com/security/?p=1466 Can someone clarify what they meant by "non-reversible patch" ?I think they mean that some patches make obvious what the flaw is and possibly how to exploit it. These patches fix a known weakness - not using randomized origin ports and dns query ids (and in some cases improving the horribly non-random randomizing routines). The patches don't expose much information about the exploit, thus fueling the righteous indignation of those complaining about the hype. If he is wrong, then the only real downside is that large numbers of dns servers were upgraded to a less sucky version of BIND. http://www.doxpara.com/slides/BH_EU_05-Kaminsky.pdfhttp://www.debian.org/security/2008/dsa-1603 Are these .deb patches automagical? *scratches head* I'm not interested in discussing the hype or scene-war aspect of this vulnerability. Has anyone actually verified the impact of this vulnerability? Any code, anything? (http://www.milw0rm.com/exploits/4266)Dan is sworn to secrecy until his talk, so we have to wait till then. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: DNS Cache Dan Kamikaze (Actual Exploit Discussion), (continued)
- Re: DNS Cache Dan Kamikaze (Actual Exploit Discussion) Mark Andrews (Jul 15)
- Re: DNS Cache Dan Kamikaze (Actual Exploit Discussion) Paul Schmehl (Jul 15)
- Re: DNS Cache Dan Kamikaze (Actual Exploit Discussion) Mark Andrews (Jul 15)
- Re: DNS Cache Dan Kamikaze (Actual Exploit Discussion) Valdis . Kletnieks (Jul 15)
- Re: DNS Cache Dan Kamikaze (Actual Exploit Discussion) Paul Schmehl (Jul 15)
- Re: DNS Cache Dan Kamikaze (Actual Exploit Discussion) Robert Holgstad (Jul 15)
- Re: DNS Cache Dan Kamikaze (Actual Exploit Discussion) Mark Andrews (Jul 15)
- Re: DNS Cache Dan Kamikaze (Actual Exploit Discussion) Nick FitzGerald (Jul 15)
- Re: DNS Cache Dan Kamikaze (Actual Exploit Discussion) Rob (Jul 15)
- Re: DNS Cache Dan Kamikaze (Actual Exploit Discussion) Ureleet (Jul 15)
- Re: DNS Cache Dan Kamikaze (Actual Exploit Discussion) n3td3v (Jul 15)
- Re: DNS Cache Dan Kamikaze (Actual Exploit Discussion) Mike Owen (Jul 15)
- Re: DNS Cache Dan Kamikaze (Actual Exploit Discussion) Ureleet (Jul 15)