oss-sec mailing list archives
Re: CVE Request New-djbdns: dnscache: potential cache poisoning
From: P J P <ppandit () redhat com>
Date: Tue, 11 Feb 2014 12:24:21 +0530 (IST)
Hi, +-- On Mon, 10 Feb 2014, P J P wrote --+ | I'll check with the upstream author for more clarification. Upstream author's reply:
On Tuesday, 11 February 2014 4:28 AM, Frank Denis wrote: The shorter the TTL of a record is, the easier a cache can be poisoned. It is when a record is NOT cached that spoofed authoritative replies can be sent and get a chance to reach the resolver before the legitimate one. As soon as a valid response is received, dnscache invalidates the state, discarding further responses, even if these are valid.
Hope it helps. Thank you. -- Prasad J Pandit / Red Hat Security Response Team
Current thread:
- CVE Request New-djbdns: dnscache: potential cache poisoning P J P (Feb 09)
- Re: CVE Request New-djbdns: dnscache: potential cache poisoning Florian Weimer (Feb 10)
- Re: CVE Request New-djbdns: dnscache: potential cache poisoning P J P (Feb 10)
- Re: CVE Request New-djbdns: dnscache: potential cache poisoning P J P (Feb 10)
- Re: CVE Request New-djbdns: dnscache: potential cache poisoning Michael Samuel (Feb 11)
- Re: CVE Request New-djbdns: dnscache: potential cache poisoning P J P (Feb 11)
- Re: CVE Request New-djbdns: dnscache: potential cache poisoning P J P (Feb 11)
- Re: CVE Request New-djbdns: dnscache: potential cache poisoning Michael Samuel (Feb 11)
- Re: CVE Request New-djbdns: dnscache: potential cache poisoning P J P (Feb 11)
- Re: CVE Request New-djbdns: dnscache: potential cache poisoning P J P (Feb 17)
- Re: CVE Request New-djbdns: dnscache: potential cache poisoning Michael Samuel (Feb 17)
- Re: CVE Request New-djbdns: dnscache: potential cache poisoning P J P (Feb 18)
- Re: CVE Request New-djbdns: dnscache: potential cache poisoning P J P (Feb 10)
- Re: CVE Request New-djbdns: dnscache: potential cache poisoning Florian Weimer (Feb 10)
- Re: CVE Request New-djbdns: dnscache: potential cache poisoning Michael Samuel (Feb 11)
- Re: CVE Request New-djbdns: dnscache: potential cache poisoning P J P (Feb 11)