Re: Remote buffer overflow in resolver code of libc
From: David Conrad (david.conrad@nominum.com)Date: 06/27/02
- Previous message: webmaster (Stephen Ostermiller): "Re: XSS in HTDIG"
- Maybe in reply to: Mark Lastdrager: "Remote buffer overflow in resolver code of libc"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 27 Jun 2002 08:24:36 -0700 From: David Conrad <david.conrad@nominum.com> To: Brett Glass <brett@lariat.org>, Mark Lastdrager <mark@pine.nl>, <bugtraq@securityfocus.com>
Hi,
On 6/26/02 4:50 PM, "Brett Glass" <brett@lariat.org> wrote:
> On individual machines, one could direct all queries to localhost and set
> up one's favorite name daemon (e.g. BIND or djbdns) to "sanitize"
> incoming responses.
My understanding is that this will work with BINDv9 since the cache
synthesizes all responses returned to the requestor and a bad response
wouldn't be synthesized. BINDv8 and BINDv4 will sometimes (in an attempt to
be faster) simply pass the authoritative response on to the requestor (which
is the bad thing). Don't have a clue about what dnscache or MS DNS would
do.
Rgds,
-drc
- Previous message: webmaster (Stephen Ostermiller): "Re: XSS in HTDIG"
- Maybe in reply to: Mark Lastdrager: "Remote buffer overflow in resolver code of libc"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
