Home page logo

oss-sec logo oss-sec mailing list archives

Re: CVE Request New-djbdns: dnscache: potential cache poisoning
From: Michael Samuel <mik () miknet net>
Date: Wed, 12 Feb 2014 11:23:54 +1100

On 12 February 2014 01:51, P J P <ppandit () redhat com> wrote:


 -> http://www.openwall.com/lists/oss-security/2014/02/11/7

This looks like the same issue - predictable hash collision.

The same issue, different result.

CVE-2013-6401 is a DoS vulnerability, which would result in excess
CPU usage per hash lookup.

The described issue would result in expiring attacker-specified (but
not more) cache entries at approximately the same CPU cost.  So
this is something else.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]