oss-sec mailing list archives
Re: Re: CVE-request: systemd-resolved DNS cache poisoning
From: Daniel Kahn Gillmor <dkg () fifthhorseman net>
Date: Thu, 13 Nov 2014 08:03:36 -1000
On 11/13/2014 04:56 AM, Florian Weimer wrote:
> I asked Bert to be sure, and he says that it was his intent that the advice applied to non-recursive resolvers as well. (Note that systemd-resolved is more than a minimal stub because it has a cache.)
I have to agree with Florian here. It's possible that rfc5452 was the wrong citation, since it seems to be devoted mainly to making sure that you don't accept packets from remote DNS servers you didn't request them from.

The problem with systemd-resolved as i understand it is not that it's accepting packets from DNS servers it didn't request from, but that it's caching unrelated responses in those records. This isn't typically an issue for cache-less stub resolvers, because they're being invoked by things like gethostbyname(), which might receive the extra information but won't actually process it, cache it, or do anything with it.

It sounds like a vulnerability to me, and i hope that MITRE will reconsider its decision here.

--dkg
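The distinction drawn in the message above, as an added example that is not part of the original post and is not systemd-resolved's code or its fix: a caching stub can keep only the answer records that belong to the question it asked, and leave every other record in the response out of the cache. The `RR` record model, the function names, the CNAME-following policy and the sample response are all assumptions constructed for illustration.

```python
from collections import namedtuple

# Hypothetical, already-parsed resource record (not systemd-resolved's types).
RR = namedtuple("RR", "name rtype ttl data")

def norm(name):
    """DNS names compare case-insensitively; ignore the trailing root dot."""
    return name.rstrip(".").lower()

def cacheable_records(qname, qtype, answer_rrs, max_chain=8):
    """Return only the records that answer (qname, qtype).

    A record is kept when its owner name is the question name, or a CNAME
    target reached from it, and its type is the queried type or a CNAME on
    that chain. Anything else in the response is never cached.
    """
    current = norm(qname)
    seen = {current}
    kept = []
    for _ in range(max_chain):
        owned = [rr for rr in answer_rrs if norm(rr.name) == current]
        direct = [rr for rr in owned if rr.rtype == qtype]
        kept.extend(direct)
        cnames = [rr for rr in owned if rr.rtype == "CNAME"]
        if direct or not cnames:
            break                      # answered, or nothing to follow
        kept.append(cnames[0])         # follow the alias one step
        current = norm(cnames[0].data)
        if current in seen:
            break                      # CNAME loop in the response
        seen.add(current)
    return kept

# Constructed sample response to the question "www.example.org A".
SAMPLE_ANSWER = [
    RR("www.example.org.", "CNAME", 300, "web.example.org."),
    RR("web.example.org.", "A", 300, "192.0.2.10"),
    # Unrelated to the question: a cache-less stub would ignore this,
    # a cache that stores everything it receives would not.
    RR("unrelated.example.net.", "A", 86400, "203.0.113.66"),
]

if __name__ == "__main__":
    for rr in cacheable_records("www.example.org", "A", SAMPLE_ANSWER):
        print("cache:", rr)
```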