Date: Wed, 12 Feb 2014 11:23:54 +1100 From: Michael Samuel <mik@...net.net> To: oss-security@...ts.openwall.com Subject: Re: CVE Request New-djbdns: dnscache: potential cache poisoning On 12 February 2014 01:51, P J P <ppandit@...hat.com> wrote: > Hi, > > -> http://www.openwall.com/lists/oss-security/2014/02/11/7 > > This looks like the same issue - predictable hash collision. The same issue, different result. CVE-2013-6401 is a DoS vulnerability, which would result in excess CPU usage per hash lookup. The described issue would result in expiring attacker-specified (but not more) cache entries at approximately the same CPU cost. So this is something else. Regards, Michael
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ