oss-sec mailing list archives
Re: DNS vulnerability: other relevant software
From: Florian Weimer <fw () deneb enyo de>
Date: Sat, 12 Jul 2008 23:50:41 +0200
* Eugene Teo:
Actually, I'm not sure. I'm checking with my colleagues who may be more familiar with the implementation of net_random/random32() routine.
Gosh, I must be missing something. This generator appears to be linear (but the reduction to the available port range is not). The comment is pretty clear, too: * A 32 bit pseudo-random number is generated using a fast * algorithm suitable for simulation. This algorithm is NOT * considered safe for cryptographic use. I haven't written an exploit because I'm not sure how to bypass the modulo operation. The modulus is 28233 = 3 * 3 * 3137 by default, so it's not obvious to me how to recover the internal status without 2**51 effort.
Current thread:
- Re: DNS vulnerability: other relevant software, (continued)
- Re: DNS vulnerability: other relevant software The Fungi (Jul 09)
- Re: DNS vulnerability: other relevant software Mark J Cox (Jul 09)
- Re: DNS vulnerability: other relevant software Florian Weimer (Jul 09)
- Re: DNS vulnerability: other relevant software Eugene Teo (Jul 09)
- Re: DNS vulnerability: other relevant software Eugene Teo (Jul 09)
- Re: DNS vulnerability: other relevant software Eugene Teo (Jul 10)
- Re: DNS vulnerability: other relevant software Nathanael Hoyle (Jul 10)
- Re: DNS vulnerability: other relevant software Bernhard R. Link (Jul 11)
- Re: DNS vulnerability: other relevant software Nathanael Hoyle (Jul 11)
- Re: DNS vulnerability: other relevant software Florian Weimer (Jul 13)
- Re: DNS vulnerability: other relevant software Mark J Cox (Jul 09)
- Re: DNS vulnerability: other relevant software The Fungi (Jul 09)
- Re: DNS vulnerability: other relevant software Florian Weimer (Jul 12)
- Re: DNS vulnerability: other relevant software Eugene Teo (Jul 09)