oss-sec mailing list archives
Re: Root name server changes -> bind
From: "Steven M. Christey" <coley () linus mitre org>
Date: Thu, 22 May 2008 01:39:43 -0400 (EDT)
On Wed, 21 May 2008, Marcus Meissner wrote:
Not sure if this warrants a CVE id.
Gut reaction here, but I would say that if a software package has hard-coded those IP addresses and doesn't check them e.g. through a reverse lookup, then the issue in that package would require a CVE. I have a feeling I could regret that statement :-/ - Steve
Current thread:
- Root name server changes -> bind Marcus Meissner (May 21)
- Re: Root name server changes -> bind Jonathan Smith (May 21)
- Re: Root name server changes -> bind Florian Weimer (May 22)
- Re: Root name server changes -> bind Jonathan Smith (May 22)
- Re: Root name server changes -> bind Florian Weimer (May 22)
- Re: Root name server changes -> bind Florian Weimer (May 22)
- Re: Root name server changes -> bind Jonathan Smith (May 21)
- Re: Root name server changes -> bind Steven M. Christey (May 21)
- Re: Root name server changes -> bind security curmudgeon (May 21)
- Re: Root name server changes -> bind Mark J Cox (May 22)
- Re: Root name server changes -> bind security curmudgeon (May 21)
- Re: Root name server changes -> bind Thijs Kinkhorst (May 22)
- Re: Root name server changes -> bind Marcus Meissner (May 23)