|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Vulnerability Issue in Implementations of the DNS Protocol
On Tuesday 24 May 2005 2:57 pm, Fergie (Paul Ferguson) wrote: > UNIRAS (UK Gov CERT)/NISCC: > http://www.niscc.gov.uk/niscc/docs/al-20050524-00433.html Seems to be similar to an issue discussed on Bugtraq in 1999 where they looked to exploit the recursive nature of some DNS decompression implementations to create a loop in the decompression code. At the time BIND wasn't vulnerable, which doesn't stop client side code being vulnerable, but would have mitigated the problem then. Still we could do with some more details, although I guess enough detail to start checking source code for the dedicated.
|