[nsp-sec] DNS vulnerability CVE-2008-1447/VU#800113
Paul Goyette
pgoyette at juniper.net
Tue Jul 8 14:30:02 EDT 2008
CERT/CC - the coordinating agency for this issue - still has not
posted their "official" announcement. The announcement was due
at 1800GMT today - not sure why CERT/CC can't tell time, unless
they forgot about daylight saving (aka summer) time! :)
Paul Goyette
Juniper Networks Customer Service
JTAC Senior Escalation Engineer
Juniper Security Incident Response Team
PGP Key ID 0x53BA7731 Fingerprint:
FA29 0E3B 35AF E8AE 6651
0786 F758 55DE 53BA 7731
> -----Original Message-----
> From: nsp-security-bounces at puck.nether.net
> [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of
> Florian Weimer
> Sent: Tuesday, July 08, 2008 11:24 AM
> To: Steven Spence
> Cc: nsp-security at puck.nether.net
> Subject: Re: [nsp-sec] DNS vulnerability CVE-2008-1447/VU#800113
>
> ----------- nsp-security Confidential --------
>
> * Steven Spence:
>
> >> I don't know how much detail will be available before that from the
> >> vendors, so please use published material as a reference,
> and not this
> >> mailing list posting.
> >
> > ISC gives a pretty good break down of it.
> >
> > http://www.isc.org/sw/bind/bind-security.php
>
> Thanks, I wasn't aware that it was public.
>
> I agree with their assessment that DNSSEC is the correct fix for this
> vulnerability (like it or not).
>
> --
> Florian Weimer <fweimer at bfk.de>
> BFK edv-consulting GmbH http://www.bfk.de/
> Kriegsstraße 100 tel: +49-721-96201-1
> D-76133 Karlsruhe fax: +49-721-96201-99
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the
> nsp-security
> community. Confidentiality is essential for effective
> Internet security counter-measures.
> _______________________________________________
>
More information about the nsp-security
mailing list