Home page logo

bugtraq logo Bugtraq mailing list archives

Re: SNI-12: BIND Vulnerabilities and Solutions
From: daw () CS BERKELEY EDU (David Wagner)
Date: Wed, 23 Apr 1997 02:18:56 -0700

In article <5jjnjr$b5r () joseph cs berkeley edu>,
David Wagner  <daw () CS BERKELEY EDU> wrote:
However, I think your patch won't fix the problem.

It attempts to make the query ID unpredictable, but fails -- the "random"
numbers it generates are still predictable (after a trivial 2^16 offline
trials).  And the seeding is terrible -- two years ago Netscape used
timeofday and pid to seed their PRNG, too, and look what happened to them.

Tell me I'm missing something.

Allow me to partially retract my claim.  As far as I can tell the patch
works as intended on OpenBSD systems, and my concerns do not apply to
OpenBSD-based boxes.  I'd like to publicly apologize to OpenBSD and Theo
de Raadt for tarring OpenBSD with too broad a brush.

However, I still believe the patch won't fix the problem on most systems:
as far as I can tell, it won't fix the hole on systems not running OpenBSD.
The secnet advisory probably should have included a note to this effect.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]