Re: [DSA 1605-1] DNS vulnerability impact on the libc stub resolver
Hideki Yamane wrote:
>> The 2.6.24
>> kernel available since the last etch point release offers some
>> protection as well.
> Umm? This is NEW information for me. Could you give me any references?
> (certainly if you can disclose it. It is a sensitive issue.)
The Linux kernel has implemented UDP source port randomisation since 2.6.24:
| This patch causes UDP port allocation to be randomized like TCP.
| The earlier code would always choose same port (ie first empty list).
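
Added example, not part of the original message or of the kernel patch: a local check of whether the running kernel hands out randomised or predictable UDP source ports when a socket is bound to port 0. The function names and the 0.5 thresholds are assumptions chosen for illustration.

```python
import socket

def sample_udp_source_ports(n=200, addr="127.0.0.1"):
    """Bind n UDP sockets to port 0, one at a time, and return the ports
    the kernel picked. This approximates a client that opens a fresh
    socket per query and leaves the source port choice to the kernel."""
    ports = []
    for _ in range(n):
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.bind((addr, 0))          # port 0: let the kernel allocate
            ports.append(s.getsockname()[1])
    return ports

def assess(ports, min_distinct=0.5, max_small_steps=0.5):
    """Summarise a port sequence. Thresholds are assumptions, not kernel values."""
    if len(ports) < 2:
        raise ValueError("need at least two samples")
    n = len(ports)
    distinct_ratio = len(set(ports)) / n
    # A step of 0 (same port reused) or +1 (next port) is what a
    # "first free port" allocator produces.
    small = sum(1 for a, b in zip(ports, ports[1:]) if 0 <= b - a <= 1)
    small_step_ratio = small / (n - 1)
    return {
        "distinct_ratio": distinct_ratio,
        "small_step_ratio": small_step_ratio,
        "predictable": distinct_ratio < min_distinct
                       or small_step_ratio > max_small_steps,
    }

if __name__ == "__main__":
    observed = sample_udp_source_ports()
    print(min(observed), max(observed), assess(observed))
```

A `predictable` result of `True` means the port sequence matches the pre-randomisation behaviour quoted above, where the same or the next free port is chosen each time.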