Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: SNI-12: BIND Vulnerabilities and Solutions
From: daw () CS BERKELEY EDU (David Wagner)
Date: Tue, 22 Apr 1997 18:11:23 -0700


In article <Pine.BSI.3.95.970422043557.16266A-100000 () silence secnet com>,
Oliver Friedrichs  <oliver () SECNET COM> wrote:
This advisory contains descriptions and solutions for two vulnerabilities
present in current BIND distributions.  These vulnerabilities are actively
being exploited on the Internet.

I.  The usage of predictable IDs in queries and recursed queries allows for
    remote cache corruption.  This allows malicious users to alter domain
    name server caches to change the addresses and hostnames of hosts on the
    internet.

Thanks for carefully describing the serious security vulnerability.

However, I think your patch won't fix the problem.

It attempts to make the query ID unpredictable, but fails -- the "random"
numbers it generates are still predictable (after a trivial 2^16 offline
trials).  And the seeding is terrible -- two years ago Netscape used
timeofday and pid to seed their PRNG, too, and look what happened to them.

Tell me I'm missing something.



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]