Full Disclosure mailing list archives
Re: NISCC DNS Protocol Vulnerability
From: Barrie Dempster <barrie () reboot-robot net>
Date: Sun, 30 Apr 2006 18:32:13 +0100
On Fri, 2006-04-28 at 22:59 +0300, Markus Jansson wrote:
http://www.niscc.gov.uk/niscc/vulnAdv-en.html "The vulnerabilities described in this advisory affect implementations of the Domain Name System (DNS) protocol. Many vendors include support for this protocol in their products and may be impacted to varying degrees, if at all."
Not a lot of useful information provided though. The DNS testing tool hasn't been publicly released by OUSPG yet, so researchers can't use it to independently test the affected applications. Any advisories that become apparent will come out individually anyway, so the information on those vulnerabilities will be forthcoming. NISCC are markedly reserved in giving out vulnerability information (ie.. they follow the vendors lead), so anything shown there won't be news to those watching for vendor announcements. The other PROTOS test tools are fairly interesting, some of which have been around for a while - but until the vendors release details/patches or the DNS test tool is released, there isn't much to see here in regards DNS vulnerabilities. There's some scraps of information which would give an idea of where to look, but it basically boils down to "Fuzz the DNS implementations". -- With Regards.. Barrie Dempster (zeedo) - Fortiter et Strenue - http://reboot-robot.net - "He who hingeth aboot, geteth hee-haw" Victor - Still Game
Attachment:
smime.p7s
Description:
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- NISCC DNS Protocol Vulnerability Markus Jansson (Apr 28)
- Re: NISCC DNS Protocol Vulnerability Barrie Dempster (Apr 30)