Bug#491809: libc6: DNS spoofing vulnerability [CVE-2008-1447]

To: Aurelien Jarno <aurelien@aurel32.net>
Cc: 491809@bugs.debian.org, "brian m. carlson" <sandals@crustytoothpaste.ath.cx>
Subject: Bug#491809: libc6: DNS spoofing vulnerability [CVE-2008-1447]
From: Florian Weimer <fw@deneb.enyo.de>
Date: Tue, 22 Jul 2008 17:12:00 +0200
Message-id: <[🔎] 87ljzu9cn3.fsf@mid.deneb.enyo.de>
Reply-to: Florian Weimer <fw@deneb.enyo.de>, 491809@bugs.debian.org
In-reply-to: <[🔎] 4885F632.80605@aurel32.net> (Aurelien Jarno's message of "Tue, 22 Jul 2008 17:01:06 +0200")
References: <[🔎] 20080722001613.GA28684@crustytoothpaste.ath.cx> <[🔎] 871w1mmgmc.fsf@mid.deneb.enyo.de> <[🔎] 4885F632.80605@aurel32.net>

* Aurelien Jarno:

> IMHO, the UDP randomization commit has to be backported to the etch
> kernel. The advantage of this solution, is that it potentially fixes
> other bugs/vulnerabilities in other protocols/programs using UDP.

Currently, there is no suitable patch to backport.  I hope that improved
port randomization will be available shortly.

Reply to:

Follow-Ups:
- Bug#491809: libc6: DNS spoofing vulnerability [CVE-2008-1447]
  - From: Aurelien Jarno <aurelien@aurel32.net>

References:
- Bug#491809: libc6: DNS spoofing vulnerability [CVE-2008-1447]
  - From: "brian m. carlson" <sandals@crustytoothpaste.ath.cx>
- Bug#491809: libc6: DNS spoofing vulnerability [CVE-2008-1447]
  - From: Florian Weimer <fw@deneb.enyo.de>
- Bug#491809: libc6: DNS spoofing vulnerability [CVE-2008-1447]
  - From: Aurelien Jarno <aurelien@aurel32.net>

Prev by Date: Bug#491786: marked as done ([INTL:sv] Swedish strings for tzdata debconf)
Next by Date: Processed: found 491809 in 2.3.6.ds1-13
Previous by thread: Bug#491809: libc6: DNS spoofing vulnerability [CVE-2008-1447]
Next by thread: Bug#491809: libc6: DNS spoofing vulnerability [CVE-2008-1447]
Index(es):
- Date
- Thread