
Re: [DSA 1605-1] DNS vulnerability impact on the libc stub resolver



Hideki Yamane wrote:
>> The 2.6.24
>> kernel available since the last etch point release offers some
>> protection as well.
>
>  Umm? This is NEW information for me. Could you give me any references?
>  (certainly if you can disclose it. It is a sensitive issue.)

The Linux kernel has implemented UDP source port randomisation since 2.6.24:

| This patch causes UDP port allocation to be randomized like TCP.
| The earlier code would always choose same port (ie first empty list).

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=32c1da70810017a98aa6c431a5494a302b6b9a30

Cheers,
        Moritz
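
An added example, not part of the original message or of the kernel patch it cites: a Python check of whether the running kernel hands out randomised UDP source ports to fresh sockets, which is the behaviour the quoted commit message describes. The function names, the sample size, the loopback destination and the 50% thresholds are assumptions made for this illustration.

```python
import socket


def sample_source_ports(n=200, dest=("127.0.0.1", 53)):
    """Return the source port the kernel auto-assigns to n fresh UDP sockets.

    connect() on a UDP socket only selects a local port; no packet is sent.
    Each socket is closed before the next one is opened, which is how a
    stub resolver using one socket per query behaves.
    """
    ports = []
    for _ in range(n):
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.connect(dest)
            ports.append(s.getsockname()[1])
    return ports


def assess(ports):
    """Classify a port sequence as 'static', 'sequential' or 'randomised'."""
    if len(ports) < 2:
        raise ValueError("need at least two samples")
    deltas = [b - a for a, b in zip(ports, ports[1:])]
    same = sum(d == 0 for d in deltas) / len(deltas)   # port reused each time
    step = sum(d == 1 for d in deltas) / len(deltas)   # port counts upward
    if same > 0.5:
        return "static"       # "would always choose same port"
    if step > 0.5:
        return "sequential"   # predictable even though it changes
    return "randomised"


if __name__ == "__main__":
    observed = sample_source_ports()
    print("distinct ports:", len(set(observed)), "of", len(observed))
    print("verdict:", assess(observed))
```

A "static" or "sequential" verdict means the host's stub resolver gets no help from the kernel and depends on the resolver or an upstream cache for source port randomisation.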

