Home page logo

oss-sec logo oss-sec mailing list archives

Re: CVE Request New-djbdns: dnscache: potential cache poisoning
From: Michael Samuel <mik () miknet net>
Date: Mon, 17 Feb 2014 21:54:02 +1100

On 17 February 2014 19:33, P J P <ppandit () redhat com> wrote:


+-- On Wed, 12 Feb 2014, P J P wrote --+
| +-- On Wed, 12 Feb 2014, Michael Samuel wrote --+
| | >  -> http://www.openwall.com/lists/oss-security/2014/02/11/7
| | The same issue, different result.
|   Yes, true. Thank you for confirming.

  So, does this qualify for a CVE?

I think I've come around to a yes for this one. Pushing attacker-chosen
out of the cache after only 100 packets is clearly not what the admin
wants.  It
makes a secondary attack (DNS over UDP blind cache poisoning) much more
viable than it was.

I can think of some DoS scenarios where this vector would assist another


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]