Re: Remote buffer overflow in resolver code of libc
From: David Conrad (david.conrad@nominum.com)Date: 06/27/02
- Previous message: Wolf, Glenn: "RE: DoS_Browser"
- In reply to: Brett Glass: "Re: Remote buffer overflow in resolver code of libc"
- Next in thread: Mikael Olsson: "Does the libc (BIND-4) resolver bug affect MS DNS too?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 27 Jun 2002 08:24:36 -0700 From: David Conrad <david.conrad@nominum.com> To: Brett Glass <brett@lariat.org>, Mark Lastdrager <mark@pine.nl>, <bugtraq@securityfocus.com>
Hi,
On 6/26/02 4:50 PM, "Brett Glass" <brett@lariat.org> wrote:
> On individual machines, one could direct all queries to localhost and set
> up one's favorite name daemon (e.g. BIND or djbdns) to "sanitize"
> incoming responses.
My understanding is that this will work with BINDv9 since the cache
synthesizes all responses returned to the requestor and a bad response
wouldn't be synthesized. BINDv8 and BINDv4 will sometimes (in an attempt to
be faster) simply pass the authoritative response on to the requestor (which
is the bad thing). Don't have a clue about what dnscache or MS DNS would
do.
Rgds,
-drc
- Previous message: Wolf, Glenn: "RE: DoS_Browser"
- In reply to: Brett Glass: "Re: Remote buffer overflow in resolver code of libc"
- Next in thread: Mikael Olsson: "Does the libc (BIND-4) resolver bug affect MS DNS too?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
