Re: SNI-12: BIND Vulnerabilities and Solutions
From: daw () CS BERKELEY EDU (David Wagner)
Date: Tue, 22 Apr 1997 18:11:23 -0700
In article <Pine.BSI.3.95.970422043557.16266A-100000 () silence secnet com>,
Oliver Friedrichs <oliver () SECNET COM> wrote:
> This advisory contains descriptions and solutions for two vulnerabilities
> present in current BIND distributions. These vulnerabilities are actively
> being exploited on the Internet.
>
> I. The usage of predictable IDs in queries and recursed queries allows for
> remote cache corruption. This allows malicious users to alter domain
> name server caches to change the addresses and hostnames of hosts on the

Thanks for carefully describing the serious security vulnerability.
However, I think your patch won't fix the problem.
It attempts to make the query ID unpredictable, but fails -- the "random"
numbers it generates are still predictable (after a trivial 2^16 offline
trials). And the seeding is terrible -- two years ago Netscape used
timeofday and pid to seed their PRNG, too, and look what happened to them.
Tell me I'm missing something.
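
The "2^16 offline trials" point, as an added example that is not part of the original post and is not the code of BIND or of the patch under discussion. It assumes a constructed toy generator (a 32-bit LCG whose 16-bit ID is the high half of its state) and a made-up secret state, and counts how many internal states remain consistent with the IDs an observer has seen.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed toy generator (NOT BIND's or the patch's code): a 32-bit LCG
 * whose 16-bit ID is the high half of the state, as in rand()-style designs. */
static uint32_t lcg_step(uint32_t s) { return s * 1103515245u + 12345u; }
static uint16_t lcg_id(uint32_t s)   { return (uint16_t)(s >> 16); }

/* Given n consecutive observed IDs, try all 2^16 values of the hidden low
 * half of the state behind ids[0] and keep those that reproduce the rest.
 * Returns the number of surviving candidates; *next_id receives the ID the
 * last surviving candidate would produce next. */
size_t count_consistent_states(const uint16_t *ids, size_t n, uint16_t *next_id)
{
    size_t survivors = 0;
    for (uint32_t low = 0; low < 0x10000u; low++) {
        uint32_t s = ((uint32_t)ids[0] << 16) | low;
        size_t i = 1;
        for (; i < n; i++) {
            s = lcg_step(s);
            if (lcg_id(s) != ids[i]) break;
        }
        if (i == n) {
            survivors++;
            *next_id = lcg_id(lcg_step(s));
        }
    }
    return survivors;
}

/* Constructed sample data: emit n IDs from a secret state, return the next one. */
uint16_t emit_ids(uint32_t secret, uint16_t *out, size_t n)
{
    uint32_t s = secret;
    for (size_t i = 0; i < n; i++) { s = lcg_step(s); out[i] = lcg_id(s); }
    return lcg_id(lcg_step(s));
}

int main(void)
{
    uint16_t ids[3], guess = 0;
    uint16_t actual = emit_ids(0xC0FFEE42u, ids, 3); /* constructed secret */
    printf("1 ID seen:  %zu states fit\n", count_consistent_states(ids, 1, &guess));
    size_t fit3 = count_consistent_states(ids, 3, &guess);
    printf("3 IDs seen: %zu state fits, next ID %u (actual %u)\n", fit3, guess, actual);
    return 0;
}
```

An ID drawn directly from an operating-system CSPRNG has no such small hidden state for the observed values to pin down.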