[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] DNS Cache Dan Kamikaze (Actual Exploit Discussion)

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] DNS Cache Dan Kamikaze (Actual Exploit Discussion)
From: "eugaaa@xxxxxxxxx" <eugaaa@xxxxxxxxx>
Date: Sun, 13 Jul 2008 14:50:26 -0500

http://blogs.zdnet.com/security/?p=1466
Can someone clarify what they meant by "non-reversible patch" ?

http://www.debian.org/security/2008/dsa-1603
Are these .deb patches automagical?

*scratches head*
I'm not interested in discussing the hype or scene-war aspect of this
vulnerability.

Has anyone actually verified the impact of this vulnerability? Any code,
anything?
(http://www.milw0rm.com/exploits/4266)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] DNS Cache Dan Kamikaze (Actual Exploit Discussion)
  - From: Paul Schmehl
- Re: [Full-disclosure] DNS Cache Dan Kamikaze (Actual Exploit Discussion)
  - From: Ureleet

Prev by Date: [Full-disclosure] [SECURITY] [DSA 1608-1] New mysql-dfsg-5.0 packages fix authorization bypass
Next by Date: Re: [Full-disclosure] DNS Cache Dan Kamikaze (Actual Exploit Discussion)
Previous by thread: [Full-disclosure] [SECURITY] [DSA 1608-1] New mysql-dfsg-5.0 packages fix authorization bypass
Next by thread: Re: [Full-disclosure] DNS Cache Dan Kamikaze (Actual Exploit Discussion)
Index(es):
- Date
- Thread