Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: SNI-12: Update
From: perry () piermont com (Perry E. Metzger)
Date: Tue, 22 Apr 1997 23:39:44 -0400


Oliver Friedrichs writes:
I apologize for causing more traffic on this, however the patches in the
advisory "SNI-12: BIND Vulnerabilities and Solutions" were modified by PGP
when signing the message and will not apply without some hacking.

Copies of the patches (both context and unified formats) can be obtained
from ftp://ftp.secnet.com/pub/patches.

The patches given seem woefully inadequite in several respects -- a
bad, easily predicted pseudorandom number generator being just one of
the problems.

The right technque is probably to adapt the methods used to prevent
TCP sequence number guessing that were proposed by Steve Bellovin in
RFC1948.

Perry

A Windows NT version of the fixed BIND should also be availible soon until
an official release is made (this is not the Microsoft DNS server, however
BIND ported to Windows NT).  It will be availible in the same directory.

- Oliver

 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
   Secure Networks Incorporated.  Calgary, Alberta, Canada, (403) 262-9211



  By Date           By Thread  

Current thread:
  • SNI-12: Update Oliver Friedrichs (Apr 23)
    • Re: SNI-12: Update Perry E. Metzger (Apr 23)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault