[nsp-sec] DNS vulnerability CVE-2008-1447/VU#800113
Nicholas Ianelli
ni at cert.org
Tue Jul 8 15:01:48 EDT 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Yeah buddy:
http://www.kb.cert.org/vuls/id/800113
Nick
Paul Goyette wrote:
| ----------- nsp-security Confidential --------
|
| CERT/CC - the coordinating agency for this issue - still has not
| posted their "official" announcement. The announcement was due
| at 1800GMT today - not sure why CERT/CC can't tell time, unless
| they forgot about daylight saving (aka summer) time! :)
|
| Paul Goyette
| Juniper Networks Customer Service
| JTAC Senior Escalation Engineer
| Juniper Security Incident Response Team
| PGP Key ID 0x53BA7731 Fingerprint:
| FA29 0E3B 35AF E8AE 6651
| 0786 F758 55DE 53BA 7731
|
|> -----Original Message-----
|> From: nsp-security-bounces at puck.nether.net
|> [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of
|> Florian Weimer
|> Sent: Tuesday, July 08, 2008 11:24 AM
|> To: Steven Spence
|> Cc: nsp-security at puck.nether.net
|> Subject: Re: [nsp-sec] DNS vulnerability CVE-2008-1447/VU#800113
|>
|> ----------- nsp-security Confidential --------
|>
|> * Steven Spence:
|>
|>>> I don't know how much detail will be available before that from the
|>>> vendors, so please use published material as a reference,
|> and not this
|>>> mailing list posting.
|>> ISC gives a pretty good break down of it.
|>>
|>> http://www.isc.org/sw/bind/bind-security.php
|> Thanks, I wasn't aware that it was public.
|>
|> I agree with their assessment that DNSSEC is the correct fix for this
|> vulnerability (like it or not).
|>
|> --
|> Florian Weimer <fweimer at bfk.de>
|> BFK edv-consulting GmbH http://www.bfk.de/
|> Kriegsstraße 100 tel: +49-721-96201-1
|> D-76133 Karlsruhe fax: +49-721-96201-99
|>
|>
|> _______________________________________________
|> nsp-security mailing list
|> nsp-security at puck.nether.net
|> https://puck.nether.net/mailman/listinfo/nsp-security
|>
|> Please do not Forward, CC, or BCC this E-mail outside of the
|> nsp-security
|> community. Confidentiality is essential for effective
|> Internet security counter-measures.
|> _______________________________________________
|>
|
|
| _______________________________________________
| nsp-security mailing list
| nsp-security at puck.nether.net
| https://puck.nether.net/mailman/listinfo/nsp-security
|
| Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
| community. Confidentiality is essential for effective Internet
security counter-measures.
| _______________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (MingW32)
iD8DBQFIc7mci10dJIBjZIARCHxeAKCteri2Sf43DF/34kKyn2kQHRUGRACghlFC
uqPTL5bAh9ydfXqaVzGkYzs=
=Pc/r
-----END PGP SIGNATURE-----
More information about the nsp-security
mailing list