Bug#491809: libc6: DNS spoofing vulnerability [CVE-2008-1447]
reopen 491809
thanks
* Pierre Habouzit:
> Kaminsky agrees confirm the issue, so I can say for sure that the
> glibc isn't vulnerable to the attack he describes, as it needs a
> resolver that caches additionnal RRs, which the glibc doesn't do.
> As of attacks that would use non randomized source port use, this is
> addressed by recent kernels hence is fixed enough.
I've trouble parsing what you wrote.
Based on information provided at the DNS summit, I do think we should
harden the glibc stub resolver.
Reply to: