oss-sec mailing list archives
Re: CVE Request (ruby -- DNS spoofing vulnerability in resolv.rb)
From: Tomas Hoger <thoger () redhat com>
Date: Thu, 11 Sep 2008 11:06:33 +0200
On Thu, 4 Sep 2008 12:01:04 -0400 (EDT) "Steven M. Christey" <coley () linus mitre org> wrote:
The transaction IDs are assigned in sequential (n+1 order) and the source ports are always the same.Use CVE-2008-3905, to be filled in soon. We're treating this as a distinct issue because this is *REALLY* bad randomness within a particular implementation, besides the inherent limitation of DNS when source ports are fixed.
Applying this rule, separate id should probably be used for PyDNS [1] [2] and adns [3] as well, at they both suffer from the similar flaws - use predictable transactions ids and source port. PyDNS should be fixed as of upstream version 2.3.2 [4], adns issue is rather considered a design decision as documented in the INSTALL file [5]. [1] http://pydns.sourceforge.net/ [2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=490217 [3] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=492698 [4] http://packages.debian.org/changelogs/pool/main/p/python-dns/python-dns_2.3.3-1/changelog [5] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=492698#15 -- Tomas Hoger / Red Hat Security Response Team
Current thread:
- CVE Request (ruby -- DNS spoofing vulnerability in resolv.rb) Jan Lieskovsky (Sep 03)
- Re: CVE Request (ruby -- DNS spoofing vulnerability in resolv.rb) Steven M. Christey (Sep 04)
- Re: CVE Request (ruby -- DNS spoofing vulnerability in resolv.rb) Tomas Hoger (Sep 11)
- Re: CVE Request (ruby -- DNS spoofing vulnerability in resolv.rb) Steven M. Christey (Sep 15)
- Re: CVE Request (ruby -- DNS spoofing vulnerability in resolv.rb) Tomas Hoger (Sep 11)
- Re: CVE Request (ruby -- DNS spoofing vulnerability in resolv.rb) Steven M. Christey (Sep 04)