nanog mailing list archives
Re: Vulnerability Issue in Implementations of the DNS Protocol
From: Simon Waters <simonw () zynet net>
Date: Tue, 24 May 2005 16:02:18 +0100
On Tuesday 24 May 2005 2:57 pm, Fergie (Paul Ferguson) wrote:
UNIRAS (UK Gov CERT)/NISCC: http://www.niscc.gov.uk/niscc/docs/al-20050524-00433.html
Seems to be similar to an issue discussed on Bugtraq in 1999 where they looked to exploit the recursive nature of some DNS decompression implementations to create a loop in the decompression code. At the time BIND wasn't vulnerable, which doesn't stop client side code being vulnerable, but would have mitigated the problem then. Still we could do with some more details, although I guess enough detail to start checking source code for the dedicated.
Current thread:
- Vulnerability Issue in Implementations of the DNS Protocol Fergie (Paul Ferguson) (May 24)
- Re: Vulnerability Issue in Implementations of the DNS Protocol Simon Waters (May 24)
- Re: Vulnerability Issue in Implementations of the DNS Protocol Vicky Rode (May 24)