oss-sec mailing list archives

Re: PowerDNS Security Advisory 2014-02

From: Hanno Böck <hanno () hboeck de>
Date: Mon, 8 Dec 2014 23:26:16 +0100

Thanks for the info.

Right now details on this vuln seem to be scarce. I asked myself some
questions, but I don't know DNS internals very well.

As this affects three implementations the obvious first question would
be if others are affected, too. Has this been checked?

And is this only a DoS for the attacked server or would it also allow
some completely new kind of DNS reflection attack (i.e. generating a
loop where every loop iteration generates an UDP packet send to a
victim)?


-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno () hboeck de
GPG: BBB51E42

Attachment: _bin
Description: OpenPGP digital signature

Current thread:

PowerDNS Security Advisory 2014-02 Peter van Dijk (Dec 08)
- Re: PowerDNS Security Advisory 2014-02 Hanno Böck (Dec 08)
  - Re: PowerDNS Security Advisory 2014-02 Peter van Dijk (Dec 08)
    - Re: PowerDNS Security Advisory 2014-02 Peter van Dijk (Dec 08)
    - Re: PowerDNS Security Advisory 2014-02 Hanno Böck (Dec 09)
    - Re: PowerDNS Security Advisory 2014-02 Peter van Dijk (Dec 09)
- Re: PowerDNS Security Advisory 2014-02 Peter van Dijk (Dec 12)