[nsp-sec] DNS vulnerability CVE-2008-1447/VU#800113
Florian Weimer
fweimer at bfk.de
Wed Jul 9 03:11:40 EDT 2008
* Mark Boolootian:
> ----------- nsp-security Confidential --------
>
>
>> When I was briefed, I was not surprised. As it was sketched on the
>> whiteboard I saw:
>
> I was a bit surprised at the FreeBSD response:
>
> http://lists.freebsd.org/pipermail/freebsd-security/2008-July/004751.html
>
> Did Kaminsky forget to tell them?
I suppose they were notified by CERT/CC. Unfortunately, the CERT/CC
vendor notice was worded in a way that didn't make it clear that this
is a relevant attack. It just looked like another of those Amit Klein
discoveries (IOW, nice, solid work, but not operationally relevant).
The GNU/Linux camp was bitten by this, too--we couldn't fix the libc
stub resolver for a similar reason.
--
Florian Weimer <fweimer at bfk.de>
BFK edv-consulting GmbH http://www.bfk.de/
Kriegsstraße 100 tel: +49-721-96201-1
D-76133 Karlsruhe fax: +49-721-96201-99