Bugtraq mailing list archives
Re: glibc resolver weakness
From: Valdis.Kletnieks () VT EDU (Valdis.Kletnieks () VT EDU)
Date: Wed, 3 May 2000 15:58:48 -0400
On Wed, 03 May 2000 03:40:46 +0200, antirez <antirez () LINUXCARE COM> said:
Hi all, this is from glibc 2.1.3 resolver source code: u_int res_randomid() { struct timeval now; __gettimeofday(&now, NULL); return (0xffff & (now.tv_sec ^ now.tv_usec ^ __getpid())); }
The exact same code as in the BIND 8.2.2-p5 src/lib/resolv/res_init.c I've *NOT* evaluated if there's an actual problem here, but if there is, it's probably in *every* BIND-derived resolver... -- Valdis Kletnieks Operating Systems Analyst Virginia Tech
Current thread:
- Denial of service attack against tcpdump, (continued)
- Denial of service attack against tcpdump bretonh () PARANOIA PGCI CA (May 02)
- Re: Denial of service attack against tcpdump antirez (May 03)
- Re: Denial of service attack against tcpdump Sebastian (May 03)
- Re: Denial of service attack against tcpdump Dragos Ruiu (May 03)
- Re: Denial of service attack against tcpdump Gerald Combs (May 03)
- "ILOVEYOU" virus analysis Steve Wolfe (May 04)
- 2.2.14 Kernel exec/open bug (?) The Cr0W (May 05)
- Re: Denial of service attack against tcpdump Hugo.van.der.Kooij () CAIW NL (May 09)
- glibc resolver weakness antirez (May 02)
- Re: glibc resolver weakness Bennett Todd (May 03)
- Re: glibc resolver weakness Valdis.Kletnieks () VT EDU (May 03)
- Re: glibc resolver weakness Andrew Brown (May 03)
- Cayman 3220-H DSL Router DOS cassius () HUSHMAIL COM (May 05)
- Fun with UltraBoard V1.6X rudi carell (May 03)
- Fwd: tcpdump workaround against dnsloop exploit. THE INFAMOUS (May 03)
- Re: tcpdump workaround against dnsloop exploit. David Schwartz (May 06)
- NetBSD Security Advisory 2000-002 Daniel Carosone (May 06)
- [NHC20000504a.0: NetBSD Panics when sent unaligned IP options] NHC Research (May 06)
- Re: Fwd: tcpdump workaround against dnsloop exploit. Sebastian (May 07)
- Re: Fun with UltraBoard V1.6X Juan M. Bello Rivas (May 05)
- Fwd: tcpdump workaround against dnsloop exploit. THE INFAMOUS (May 03)
- Denial of service attack against tcpdump bretonh () PARANOIA PGCI CA (May 02)