oss-sec mailing list archives

Re: a new bind issue


From: Josh Bressers <bressers () redhat com>
Date: Tue, 24 Nov 2009 13:21:57 -0500 (EST)

I'm going to defer this assignment to MITRE. I suspect they've gotten a number of
requests for this one already (I want to avoid a duplicate assignment).

Thanks.

-- 
    JB


----- "Oden Eriksson" <oeriksson () mandriva com> wrote:

Hello.

A new bind release is out there, it mentions:

"It addresses a potential cache poisoning vulnerability, in which data
in the additional section of a response could be cached without proper
DNSSEC validation."

"2772.   [security]      When validating, track whether pending data was from
                        the additional section or not and only return it if
                        validates as secure. [RT #20438]"


A CVE should probably be assigned.


-- 
Regards // Oden Eriksson
Security team manager - Mandriva

