oss-sec mailing list archives
Re: CVE Request New-djbdns: dnscache: potential cache poisoning
From: cve-assign () mitre org
Date: Thu, 20 Feb 2014 11:21:57 -0500 (EST)
> So, if original author says it's a flaw then it's a flaw, otherwise not?
Otherwise MITRE attempts to use the best available information in deciding whether "security improvement" is a better categorization. Across all types of products and problems, the original author is generally allowed to admit that they made a mistake when writing the code in a certain way.
> So now SipHash is 'the only' way to avoid hash collision ever?
At present, introducing SipHash is a type of patch that's very likely to be considered when a software maintainer is responding to hash-collision problems. Certainly other patch approaches are possible. Not all code originated with an implicit functional specification that the code would do a good job at resisting all types of intentional hash-collision attacks. So, in general, when a description of a new attack is published, any resulting patches can be considered security improvements.

--
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]