Forwarded from: jf <jf (at) danglingpointers.net>
and 3 years before that djb pointed it out as well, its not coincidence
that djbdns was not vulnerable.
http://cr.yp.to/djbdns/forgery-cost.txt
http://cr.yp.to/talks/2003.02.11/slides.pdf
On Thu, 10 Jul 2008, InfoSec News wrote:
> Date: Thu, 10 Jul 2008 03:25:36 -0500 (CDT)
> From: InfoSec News <alerts (at) infosecnews.org>
> To: isn (at) infosecnews.org
> Subject: [ISN] Shocker DNS spoofing vuln discovered three years ago by a
> student
>
> http://www.theregister.co.uk/2008/07/09/dns_bug_student_discovery/
>
> By John Leyden
> The Register
> 9th July 2008
>
> A flaw in how the internet's addressing system works that sparked a
> patching frenzy on Tuesday night may has first been uncovered by a
> student as long as three years ago.
>
> Shortcomings in how the Domain Name System protocol is implemented by
> multiple vendors facilitate DNS cache poisoning attacks, security
> clearing house US CERT warned on Tuesday. Successful exploitation of
> these security shortcomings creates a means for hackers to spoof DNS
> replies, allowing for the redirection of network traffic or to mount
> man-in-the-middle attacks.
Received on Fri Jul 11 04:35:20 2008