Bugtraq mailing list archives
Re: SNI-12: Update
From: perry () piermont com (Perry E. Metzger)
Date: Tue, 22 Apr 1997 23:39:44 -0400
Oliver Friedrichs writes:
I apologize for causing more traffic on this, however the patches in the advisory "SNI-12: BIND Vulnerabilities and Solutions" were modified by PGP when signing the message and will not apply without some hacking. Copies of the patches (both context and unified formats) can be obtained from ftp://ftp.secnet.com/pub/patches.
The patches given seem woefully inadequate in several respects -- a bad, easily predicted pseudorandom number generator being just one of the problems. The right technique is probably to adapt the methods used to prevent TCP sequence number guessing that were proposed by Steve Bellovin in RFC1948.
Perry
A Windows NT version of the fixed BIND should also be available soon until an official release is made (this is not the Microsoft DNS server, however BIND ported to Windows NT). It will be available in the same directory.
- Oliver
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Secure Networks Incorporated. Calgary, Alberta, Canada, (403) 262-9211
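The construction RFC 1948 describes, ISN = M + F(localhost, localport, remotehost, remoteport, secret), shown as an added example that is not part of the original message or of the SNI patches. It assumes HMAC-SHA-256 for F (the RFC itself suggests MD5 over the tuple and secret); the addresses, the secret and the shared-counter baseline are constructed for illustration.

```python
import hashlib
import hmac
import ipaddress
import struct

MASK32 = 0xFFFFFFFF

def rfc1948_offset(secret, laddr, lport, raddr, rport):
    """F(localhost, localport, remotehost, remoteport, secret) as 32 bits.
    Assumption: HMAC-SHA-256 stands in for the MD5 the RFC suggests."""
    tuple_bytes = (ipaddress.ip_address(laddr).packed + struct.pack("!H", lport)
                   + ipaddress.ip_address(raddr).packed + struct.pack("!H", rport))
    digest = hmac.new(secret, tuple_bytes, hashlib.sha256).digest()
    return struct.unpack("!I", digest[:4])[0]

def rfc1948_isn(secret, m, laddr, lport, raddr, rport):
    """ISN = M + F(...); m is the value of the 4-microsecond timer M."""
    return (m + rfc1948_offset(secret, laddr, lport, raddr, rport)) & MASK32

def shared_counter_isn(m):
    """Constructed weak baseline: one global sequence shared by every peer."""
    return m & MASK32

def extrapolate(observed, m_then, m_now):
    """All a peer can compute without the secret: its own observed value
    advanced by the timer ticks that have elapsed since."""
    return (observed + (m_now - m_then)) & MASK32

def demo():
    secret = b"constructed-demo-secret"   # real use: random bytes chosen at boot
    local = ("192.0.2.53", 53)            # documentation-range addresses
    peer_a = ("198.51.100.7", 40000)      # the peer that observes a value
    peer_b = ("203.0.113.9", 40000)       # a different peer's tuple
    m0, m1 = 250_000, 250_100
    seen_weak = shared_counter_isn(m0)
    seen_a = rfc1948_isn(secret, m0, *local, *peer_a)
    guess = extrapolate(seen_a, m0, m1)
    return {
        # Global sequence: one observation gives away every later value.
        "shared_counter": extrapolate(seen_weak, m0, m1) == shared_counter_isn(m1),
        # Same tuple: values stay monotonic, as TCP requires.
        "rfc1948_same_peer": guess == rfc1948_isn(secret, m1, *local, *peer_a),
        # Other tuple: the secret-keyed offset differs, so the guess misses.
        "rfc1948_other_peer": guess == rfc1948_isn(secret, m1, *local, *peer_b),
    }

if __name__ == "__main__":
    print(demo())
```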