Date: Sat, 8 Jul 2017 14:40:16 +0200
From: Salvatore Bonaccorso <carnil@...ian.org>
To: oss-security@...ts.openwall.com
Cc: daniel.salzman@....cz, ondrej@...ian.org
Subject: Re: CVE for the TSIG issue in knot?

Hi

On Sat, Jun 24, 2017 at 02:28:20PM +0200, Solar Designer wrote:
> On Sat, Jun 24, 2017 at 01:58:23PM +0200, Yves-Alexis Perez wrote:
> > I noticed the recent issue in knot with TSIG bypass
> > (https://lists.nic.cz/pipermail/knot-dns-users/2017-June/001144.html)
>
> It is inappropriate to post only a link in here. In cases like this,
> please also quote at least the most essential portion of the content
> you're referring to, which is:
>
> "CZ.NIC has released Knot DNS 2.5.2 and Knot DNS 2.4.5. Beside
> several fixes and improvements, these versions fix a flaw within the
> TSIG protocol implementation that would allow an attacker with a
> valid key name and algorithm to bypass the TSIG authentication if no
> additional ACL restrictions is set. This vulnerability was
> discovered by security experts from Synacktiv. Special thanks to
> them!"

FTR, this issue has been assigned CVE-2017-11104.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11104

Regards,
Salvatore