Date: Tue, 11 Feb 2014 12:24:21 +0530 (IST)
From: P J P <ppandit@...hat.com>
To: oss security list <oss-security@...ts.openwall.com>
Subject: Re: CVE Request New-djbdns: dnscache: potential cache
 poisoning

   Hi,

+-- On Mon, 10 Feb 2014, P J P wrote --+
| I'll check with the upstream author for more clarification.

Upstream author's reply:

 > On Tuesday, 11 February 2014 4:28 AM, Frank Denis wrote:
 >
 > The shorter the TTL of a record is, the easier a cache can be poisoned.
 > It is when a record is NOT cached that spoofed authoritative replies
 > can be sent and get a chance to reach the resolver before the
 > legitimate one.
 > 
 > As soon as a valid response is received, dnscache invalidates the state, 
 > discarding further responses, even if these are valid.


Hope it helps. Thank you.
--
Prasad J Pandit / Red Hat Security Response Team
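
Added example, not part of the original message and not dnscache's code: a toy Python model of the two points in the quoted reply, showing that a shorter TTL means more uncached moments (race windows) and that only the first matching response to an open query is accepted. `ToyResolver`, `race_windows`, `p_poisoned`, the name `example.test`, sequential query IDs, a 16-bit ID space and an instantly arriving legitimate reply are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class ToyResolver:
    cache: dict = field(default_factory=dict)    # name -> (answer, expiry time)
    pending: dict = field(default_factory=dict)  # name -> ID of the open query
    upstream_queries: int = 0                    # each one is a race window
    next_id: int = 1                             # constructed; real IDs are random

    def lookup(self, name, now):
        """Return the cached answer, or None after opening an upstream query."""
        entry = self.cache.get(name)
        if entry and now < entry[1]:
            return entry[0]
        if name not in self.pending:
            self.pending[name] = self.next_id
            self.next_id += 1
            self.upstream_queries += 1
        return None

    def on_response(self, name, qid, answer, ttl, now):
        """Accept only the first response that matches an open query."""
        if self.pending.get(name) != qid:
            return False        # no open query, or wrong ID: discarded
        del self.pending[name]  # state invalidated; later replies are dropped
        self.cache[name] = (answer, now + ttl)
        return True

def race_windows(ttl, period, interval=1):
    """Count upstream queries when a client looks the name up every
    `interval` seconds and the legitimate reply arrives immediately."""
    r = ToyResolver()
    for now in range(0, period, interval):
        if r.lookup("example.test", now) is None:
            qid = r.pending["example.test"]
            r.on_response("example.test", qid, "192.0.2.1", ttl, now)
    return r.upstream_queries

def p_poisoned(windows, spoofed_per_window, id_space=2**16):
    """Chance that at least one window accepts a spoofed reply, assuming each
    spoofed packet independently matches the ID with probability 1/id_space."""
    p_window = 1 - (1 - 1 / id_space) ** spoofed_per_window
    return 1 - (1 - p_window) ** windows
```

In this model a 60-second TTL opens 60 windows per hour against one window for a 3600-second TTL, which is the sense in which the shorter TTL makes the cache easier to poison.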
