Bugtraq mailing list archives
Re: SNI-12: BIND Vulnerabilities and Solutions
From: daw () CS BERKELEY EDU (David Wagner)
Date: Tue, 22 Apr 1997 18:11:23 -0700
In article <Pine.BSI.3.95.970422043557.16266A-100000 () silence secnet com>, Oliver Friedrichs <oliver () SECNET COM> wrote:
This advisory contains descriptions and solutions for two vulnerabilities present in current BIND distributions. These vulnerabilities are actively being exploited on the Internet. I. The usage of predictable IDs in queries and recursed queries allows for remote cache corruption. This allows malicious users to alter domain name server caches to change the addresses and hostnames of hosts on the internet.
Thanks for carefully describing the serious security vulnerability. However, I think your patch won't fix the problem. It attempts to make the query ID unpredictable, but fails -- the "random" numbers it generates are still predictable (after a trivial 2^16 offline trials). And the seeding is terrible -- two years ago Netscape used timeofday and pid to seed their PRNG, too, and look what happened to them. Tell me I'm missing something.
Current thread:
- Re: SNI-12: BIND Vulnerabilities and Solutions, (continued)
- Re: SNI-12: BIND Vulnerabilities and Solutions Paul A Vixie (Apr 23)
- Re: SNI-12: BIND Vulnerabilities and Solutions (+ more problems) Johannes Erdfelt (Apr 23)
- Re: SNI-12: BIND Vulnerabilities and Solutions (+ more problems) Gene Spafford (Apr 23)
- Re: SNI-12: BIND Vulnerabilities and Solutions (+ more problems) Michael K. Sanders (Apr 23)
- Re: SNI-12: BIND Vulnerabilities and Solutions (+ more problems) Johannes Erdfelt (Apr 23)
- Re: SNI-12: BIND Vulnerabilities and Solutions (+ more problems) Yiorgos Adamopoulos (Apr 24)
- firewall-1: old broadcast address hole? Tom Vandepoel (Apr 24)
- CERT Advisory CA-97.10 - Vulnerability in Natural Language Service Aleph One (Apr 24)
- CERT Vendor-Initiated Bulletin VB-97.02 - Guestbook Script Vul Aleph One (Apr 24)
- [linux-security] Linux squake security hole (provides root if Aleph One (Apr 24)
- Re: SNI-12: BIND Vulnerabilities and Solutions David Wagner (Apr 22)
- Re: SNI-12: BIND Vulnerabilities and Solutions Theo de Raadt (Apr 22)
- ANUNCIO: Nueva lista sobre seguridad, en espanol Ivan Arce,CORE (Apr 22)
- Re: ANUNCIO: Nueva lista sobre seguridad, en espanol The CyberFish (Apr 23)
- Re: SNI-12: BIND Vulnerabilities and Solutions David Wagner (Apr 23)
- Re: SNI-12: BIND Vulnerabilities and Solutions David Wagner (Apr 23)