[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] djbdns misformats some long response packets; patch and example attack

To: bugtraq@xxxxxxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] djbdns misformats some long response packets; patch and example attack
From: Jeremy Brown <0xjbrown41@xxxxxxxxx>
Date: Thu, 5 Mar 2009 11:20:42 -0500

With all due respect, this isn't the first security hole found in Mr.
Bernstein's software, but seemingly the first he will actually
acknowledge. Well done, Matthew Dempsky.

On Thu, Mar 5, 2009 at 1:05 AM, Matthew Dempsky <matthew@xxxxxxxxxxx> wrote:
> As a final update to this thread: Dan Bernstein acknowledged this bug
> as a security hole in djbdns and recommends that users install my
> patch.  A copy of his post is available at
> http://marc.info/?l=djbdns&m=123613000920446&w=2.
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] [SECURITY] [DSA 1734-1] New opensc packages fix information disclosure
Next by Date: [Full-disclosure] libc:fts_*():multiple vendors, Denial-of-service
Previous by thread: [Full-disclosure] [SECURITY] [DSA 1734-1] New opensc packages fix information disclosure
Next by thread: [Full-disclosure] libc:fts_*():multiple vendors, Denial-of-service
Index(es):
- Date
- Thread