[81055] in North American Network Operators' Group


Re: Vulnerability Issue in Implementations of the DNS Protocol

daemon@ATHENA.MIT.EDU (Simon Waters)
Tue May 24 11:03:38 2005

To: nanog@merit.edu
Date: Tue, 24 May 2005 16:02:18 +0100
In-Reply-To: <20050524.065705.16051.133603@webmail28.lax.untd.com>
From: Simon Waters <simonw@zynet.net>
Errors-To: owner-nanog@merit.edu


On Tuesday 24 May 2005 2:57 pm, Fergie (Paul Ferguson) wrote:
> UNIRAS (UK Gov CERT)/NISCC:
> http://www.niscc.gov.uk/niscc/docs/al-20050524-00433.html

Seems to be similar to an issue discussed on Bugtraq in 1999 where they looked
to exploit the recursive nature of some DNS decompression implementations to
create a loop in the decompression code. At the time BIND wasn't vulnerable,
which doesn't stop client-side code being vulnerable, but would have
mitigated the problem then.

Still, we could do with some more details, although I guess enough detail to
start checking source code for the dedicated.
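
Added example, not part of the original message and not code from BIND or any other resolver: one way a name decompressor can rule out pointer loops when expanding RFC 1035 compressed names, by accepting only strictly backward jumps. The function name `dns_expand_name` and both sample messages are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: 12-byte header, "example.com" at offset 12, then
 * "www" followed by a compression pointer to offset 12 (name at 25). */
static const uint8_t GOOD[] = {0,0,0,0,0,0,0,0,0,0,0,0,
    7,'e','x','a','m','p','l','e',3,'c','o','m',0, 3,'w','w','w',0xC0,12};
/* Constructed sample: the name at offset 12 is a pointer to itself. */
static const uint8_t LOOP[] = {0,0,0,0,0,0,0,0,0,0,0,0, 0xC0,12};
/* Hypothetical helper: expand the name at msg[off] into dotted text.
 * Returns the text length, or -1 for malformed or looping input. */
int dns_expand_name(const uint8_t *msg, size_t msglen, size_t off,
                    char *out, size_t outlen)
{
    size_t n = 0, limit = off;  /* pointers must target below `limit` */
    for (;;) {
        if (off >= msglen) return -1;
        uint8_t len = msg[off];
        if ((len & 0xC0) == 0xC0) {              /* compression pointer */
            if (off + 1 >= msglen) return -1;
            size_t target = ((size_t)(len & 0x3F) << 8) | msg[off + 1];
            /* Loop guard: accept strictly backward jumps only, so a
             * pointer chain must terminate. */
            if (target >= limit) return -1;
            limit = off = target;
            continue;
        }
        if (len & 0xC0) return -1;               /* reserved label type */
        if (len == 0) break;                     /* root label ends name */
        if (off + 1 + len > msglen) return -1;   /* label overruns message */
        /* 254 = RFC 1035 limit of 255 wire octets, minus the root label */
        if (n + len + 1 > 254 || n + len + 1 >= outlen) return -1;
        memcpy(out + n, msg + off + 1, len);
        n += len;
        out[n++] = '.';
        off += 1 + (size_t)len;
    }
    if (n == 0) { if (outlen < 2) return -1; out[n++] = '.'; }
    out[n] = '\0';
    return (int)n;
}
int main(void)
{
    char buf[256];
    printf("%d\n", dns_expand_name(GOOD, sizeof GOOD, 25, buf, sizeof buf));
    printf("%d\n", dns_expand_name(LOOP, sizeof LOOP, 12, buf, sizeof buf));
    return 0;
}
```

When checking source code, the thing to look for is a decompression routine that follows pointers recursively or in a loop without either a backward-only rule like this one or a hard cap on the number of jumps.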
