[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] DNS Cache Dan Kamikaze (Actual Exploit Discussion)
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] DNS Cache Dan Kamikaze (Actual Exploit Discussion)
- From: Rob <spamproof@xxxxxxxxxxxxxx>
- Date: Tue, 15 Jul 2008 07:28:13 -0700
Ureleet wrote:
> there can be no actual exploit discussion unless you have dan on the
> thread. dan?
>
> On Sun, Jul 13, 2008 at 3:50 PM, eugaaa@xxxxxxxxx <eugaaa@xxxxxxxxx> wrote:
>> http://blogs.zdnet.com/security/?p=1466
>> Can someone clarify what they meant by "non-reversible patch" ?
I think they mean that some patches make obvious what the flaw is and possibly
how to exploit it. These patches fix a known weakness - not using randomized
origin ports and dns query ids (and in some cases improving the horribly
non-random randomizing routines). The patches don't expose much information
about the exploit, thus fueling the righteous indignation of those complaining
about the hype.
If he is wrong, then the only real downside is that large numbers of dns
servers were upgraded to a less sucky version of BIND.
http://www.doxpara.com/slides/BH_EU_05-Kaminsky.pdf
>>
>> http://www.debian.org/security/2008/dsa-1603
>> Are these .deb patches automagical?
>>
>> *scratches head*
>> I'm not interested in discussing the hype or scene-war aspect of this
>> vulnerability.
>>
>> Has anyone actually verified the impact of this vulnerability? Any code,
>> anything?
>> (http://www.milw0rm.com/exploits/4266)
Dan is sworn to secrecy until his talk, so we have to wait till then.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/