FreeBSD 7.1 and BIND exploit
Oliver Fromme
olli at lurza.secnetix.de
Tue Jul 22 15:52:45 UTC 2008
Brett Glass wrote:
> At 02:24 PM 7/21/2008, Kevin Oberman wrote:
>
> > Don't forget that ANY server that caches data, including an end system
> > running a caching only server is vulnerable.
>
> Actually, there is an exception to this. A "forward only"
> cache/resolver is only as vulnerable as its forwarder(s). This is a
> workaround for the vulnerability for folks who have systems that they
> cannot easily upgrade: point at a trusted forwarder that's patched.
>
> We're also looking at using dnscache from the djbdns package.
I'm curious, is djbdns exploitable, too? Does it randomize
the source ports of UDP queries?
> Of course, all solutions that randomize ports are really just
> "security by obscurity," because by shuffling ports you're hiding the
> way to poison your cache... a little.
True, but there is currently no better solution, AFAIK.
The problem is inherent in the way DNS queries work.
Best regards
Oliver
--
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Commercial register: Registergericht Muenchen, HRA 74606, Management:
secnetix Verwaltungsgesellsch. mbH, Commercial register: Registergericht
München, HRB 125758, Managing directors: Maik Bachmann, Olaf Erb, Ralf Gebhart
FreeBSD services, products and more: http://www.secnetix.de/bsd
"That's what I love about GUIs: They make simple tasks easier,
and complex tasks impossible."
-- John William Chambless
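The thread turns on one question an administrator of a caching resolver needs to answer: does my resolver randomize the UDP source port of its outgoing queries, or does it send everything from one fixed port, leaving only the 16-bit transaction ID between an off-path spoofer and the cache? The following is an added example written for this page, not code from the thread or from BIND or djbdns. It parses tcpdump-style one-line query summaries (the sample lines are constructed here, modelled on tcpdump's "IP src.port > dst.port: id+ A? name." format; the source and resolver addresses and the 50% distinct-port threshold are assumptions) and reports how many distinct source ports appear and how much entropy the port and transaction ID fields contribute in the capture, so a fixed-port resolver can be told from a patched one offline.

```python
"""Offline check of whether a caching resolver randomizes its UDP source ports.

Added example, not part of the original mailing-list thread. Feed it the
one-line summaries tcpdump prints for outgoing DNS queries from the resolver
(here a constructed sample) and it reports the spread of source ports and an
entropy estimate for the port and transaction-ID fields.
"""
import math
import random
import re
from collections import Counter
from dataclasses import dataclass

# Matches tcpdump-style query summaries such as
#   IP 192.0.2.10.53 > 198.51.100.1.53: 4123+ A? example.com.
# Response lines ("4123 1/0/0 A ...") do not match and are skipped.
LINE_RE = re.compile(
    r"IP (?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"(?P<txid>\d+)\+? (?P<qtype>[A-Z]+)\? (?P<qname>\S+)"
)


@dataclass(frozen=True)
class Query:
    src: str
    sport: int
    dst: str
    txid: int
    qname: str


def parse_queries(lines):
    """Parse query summaries; non-matching lines (responses, noise) are ignored."""
    out = []
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            out.append(Query(m["src"], int(m["sport"]), m["dst"],
                             int(m["txid"]), m["qname"]))
    return out


def shannon_bits(values):
    """Shannon entropy, in bits, of the empirical distribution of values."""
    counts = Counter(values)
    n = sum(counts.values())
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def assess(queries, min_distinct_fraction=0.5):
    """Summarize source-port spread and give a verdict.

    The entropy of a sample is capped at log2(sample size), so the bit counts
    are a floor on what the resolver actually provides, not its true entropy.
    A resolver whose distinct-port count is below min_distinct_fraction of the
    sample (an assumed threshold) is reported as using a fixed port or pool.
    """
    if not queries:
        return {"queries": 0, "distinct_ports": 0, "port_bits": 0.0,
                "txid_bits": 0.0, "verdict": "no data"}
    ports = [q.sport for q in queries]
    txids = [q.txid for q in queries]
    distinct = len(set(ports))
    verdict = "randomized" if distinct >= min_distinct_fraction * len(ports) else "fixed"
    return {"queries": len(queries), "distinct_ports": distinct,
            "port_bits": shannon_bits(ports), "txid_bits": shannon_bits(txids),
            "verdict": verdict}


def build_sample(fixed_port, n=200, seed=1):
    """Constructed capture of n outgoing queries from resolver 192.0.2.10 to
    authoritative server 198.51.100.1 (documentation addresses).
    fixed_port=True mimics an unpatched resolver that always sends from port 53;
    False mimics one that picks a fresh random high port for every query."""
    rng = random.Random(seed)
    lines = []
    for i in range(n):
        sport = 53 if fixed_port else rng.randint(1024, 65535)
        txid = rng.randint(0, 65535)
        lines.append(f"12:00:{i % 60:02d}.000000 IP 192.0.2.10.{sport} > "
                     f"198.51.100.1.53: {txid}+ A? host{i}.example.com. (34)")
    # One response line; the parser must ignore it.
    lines.append("12:00:59.000000 IP 198.51.100.1.53 > 192.0.2.10.53: "
                 "4123 1/0/0 A 203.0.113.5 (50)")
    return lines


def check_resolver(fixed_port):
    """Build the constructed capture for one resolver type and assess it."""
    return assess(parse_queries(build_sample(fixed_port)))


if __name__ == "__main__":
    for label, fixed in (("unpatched, fixed port", True), ("patched, random ports", False)):
        r = check_resolver(fixed)
        print(f"{label}: {r['distinct_ports']} distinct ports over {r['queries']} "
              f"queries, ~{r['port_bits']:.1f} port bits + ~{r['txid_bits']:.1f} "
              f"txid bits -> {r['verdict']}")
```

On a real host the lines would come from something like tcpdump -n on the resolver's outbound interface, filtered to port 53. The point the thread makes is visible in the numbers: with a fixed port the whole guess space is the transaction ID alone, while per-query random ports add the port's bits on top of it. This is also why a forward-only resolver inherits its forwarder's result: the ports that matter are the ones on the box that actually talks to the authoritative servers.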