[nsp-sec] DNS vulnerability CVE-2008-1447/VU#800113
Sean Donelan
sean at donelan.com
Tue Jul 8 22:21:33 EDT 2008
On Tue, 8 Jul 2008, Paul Goyette wrote:
>> Other than some software vendors/programmers announcing a fix for an
>> old problem, has anything actually changed in the world today?
>>
>> Just trying to figure out if this is really a "red alert" or business
>> as usual, upgrade your stuff regularly because programmers are human.
>
> Having been briefed from the source, I'd say that this is
> definitely more than your average programmer/bug. It's
> quite serious in my opinion.
>
> Other than that, I'm under enough NDA paperwork not to be
> able to say anything further. :)
Thanks. It just feels like the "coordinated vendor announcements" for
the SNMP ASN.1 problems, the BGP reset-injection problems, etc. Those got
lots of attention, and lots of people running around, but the bad guys
pretty much ignored them.
More information about the nsp-security
mailing list