
Re: BIND 9 security update

From: Micah Anderson <micah(at)riseup.net>
Date: Wed Jul 25 2007 - 11:20:24 EDT

  • Florian Weimer <fw@deneb.enyo.de> [070725 01:36]:
    > Will there be a timely security update for BIND 9, or does it make
    > sense to roll your own?

There is a security update for this issue being put together since yesterday; it's in the testing phase now.

Speaking of this issue... this problem existed before in BIND[1], as the old way of doing things was to have sequential 'sequence numbers'. These were used to 'authenticate' responses, and due to them being sequential they were easily guessed. The fix was to change the sequence numbers to be randomized. However, the field is only 16 bits, and so now someone has found a way to predict the sequence numbers again (likely by looking at the algorithm used). Even so, the sequence numbers are not that difficult to predict because you can guess all 2^16 of them at the same time. This is a real problem in the DNS protocol at a very basic level.

Micah

Received on Wed Jul 25 11:18:21 2007

This archive was generated by hypermail 2.1.8 : Thu Aug 09 2007 - 19:05:21 EDT
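
Added example, not part of the original message or of BIND: a resolver-side check for the ID guessing the message describes, flagging names that receive many responses whose 16-bit ID does not match the pending query. The event tuple format, the threshold and the sample data are assumptions constructed for illustration.

```python
# Added example: flag bursts of DNS responses whose 16-bit ID does not match
# the outstanding query. Event format and threshold are assumptions.
from collections import defaultdict

ID_SPACE = 2 ** 16  # size of the 16-bit field the message refers to


def match_probability(distinct_guesses: int) -> float:
    """Chance that one of N distinct forged IDs equals a uniformly random ID."""
    return min(distinct_guesses, ID_SPACE) / ID_SPACE


def find_guessing_bursts(events, threshold=20):
    """Return {qname: mismatched_response_count} for names at/above threshold.

    events: iterable of (kind, qname, txid); kind is "Q" (query sent by the
    resolver) or "R" (response received). A response counts as a mismatch
    when a query for qname is outstanding and the ID differs.
    """
    outstanding = {}               # qname -> ID of the pending query
    mismatches = defaultdict(int)
    for kind, qname, txid in events:
        if kind == "Q":
            outstanding[qname] = txid
        elif kind == "R" and qname in outstanding:
            if txid == outstanding[qname]:
                del outstanding[qname]      # answered; stop tracking
            else:
                mismatches[qname] += 1      # wrong ID for a pending query
    return {q: n for q, n in mismatches.items() if n >= threshold}


# Constructed sample: one normal lookup, one lookup hit by 50 wrong-ID replies.
SAMPLE = [("Q", "www.example.org", 0x1A2B), ("R", "www.example.org", 0x1A2B),
          ("Q", "mail.example.org", 0x7F10)]
SAMPLE += [("R", "mail.example.org", i) for i in range(50)]
SAMPLE += [("R", "mail.example.org", 0x7F10)]

if __name__ == "__main__":
    print(find_guessing_bursts(SAMPLE))
    print(match_probability(50))
```
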

