Date: Mon, 15 Sep 2008 20:59:40 -0400 (EDT) From: "Steven M. Christey" <coley@...us.mitre.org> To: oss-security@...ts.openwall.com cc: coley@...us.mitre.org Subject: Re: CVE Request (ruby -- DNS spoofing vulnerability in resolv.rb) On Thu, 11 Sep 2008, Tomas Hoger wrote: > > We're treating this as a distinct issue because this is *REALLY* bad > > randomness within a particular implementation, besides the inherent > > limitation of DNS when source ports are fixed. > > Applying this rule, separate id should probably be used for PyDNS  >  and adns  as well, at they both suffer from the similar flaws - > use predictable transactions ids and source port. CVE-2008-4099 - PyDNS CVE-2008-4100 - adns - Steve
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ